bpf: Add support for {set|get} socket options from setsockopt BPF

Add logic to call bpf_setsockopt() and bpf_getsockopt() from setsockopt BPF
programs. An example use case is when the user sets the IPV6_TCLASS socket
option, we would also like to change the tcp-cc for that socket.

We don't have any use case for calling bpf_setsockopt() from supposedly read-
only sys_getsockopt(), so it is made available to BPF_CGROUP_SETSOCKOPT only
at this point.

Signed-off-by: Prankur Gupta <prankgup@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20210817224221.3257826-2-prankgup@fb.com

diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 9f35928bab0ac34b54b941174872eece8e66d235..8e9d99e2ade49f2007a8852e16be5330e7da6938 100644 (file)
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1873,6 +1873,14 @@ cg_sockopt_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
                return &bpf_sk_storage_get_proto;
        case BPF_FUNC_sk_storage_delete:
                return &bpf_sk_storage_delete_proto;
+       case BPF_FUNC_setsockopt:
+               if (prog->expected_attach_type == BPF_CGROUP_SETSOCKOPT)
+                       return &bpf_sk_setsockopt_proto;
+               return NULL;
+       case BPF_FUNC_getsockopt:
+               if (prog->expected_attach_type == BPF_CGROUP_SETSOCKOPT)
+                       return &bpf_sk_getsockopt_proto;
+               return NULL;
 #endif
 #ifdef CONFIG_INET
        case BPF_FUNC_tcp_sock: