bpf: remove check in __cgroup_bpf_run_filter_skb

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Originally, this patch removed a redundant check in
BPF_CGROUP_RUN_PROG_INET_EGRESS, as the check was already being done in
the function it called, __cgroup_bpf_run_filter_skb. For v2, it was
reccomended that I remove the check from __cgroup_bpf_run_filter_skb,
and add the checks to the other macro that calls that function,
BPF_CGROUP_RUN_PROG_INET_INGRESS.

To sum it up, checking that the socket exists and that it is a full
socket is now part of both macros BPF_CGROUP_RUN_PROG_INET_EGRESS and
BPF_CGROUP_RUN_PROG_INET_INGRESS, and it is no longer part of the
function they call, __cgroup_bpf_run_filter_skb.

v3->v4: Fixed weird merge conflict.
v2->v3: Sent to bpf-next instead of generic patch
v1->v2: Addressed feedback about where check should be removed.

Signed-off-by: Oliver Crumrine <ozlinuxc@gmail.com>
Acked-by: Stanislav Fomichev <sdf@google.com>
Link: https://lore.kernel.org/r/7lv62yiyvmj5a7eozv2iznglpkydkdfancgmbhiptrgvgan5sy@3fl3onchgdz3
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>

authored by

Oliver Crumrine and committed by

Martin KaFai Lau 2 years ago 32e18e76 2c21a0f6

+2 -4

2 changed files

expand all

include

linux

bpf-cgroup.h

kernel

bpf

cgroup.c

+2 -1

include/linux/bpf-cgroup.h

··· 196 196 ({ \ 197 197 int __ret = 0; \ 198 198 if (cgroup_bpf_enabled(CGROUP_INET_INGRESS) && \ 199 - cgroup_bpf_sock_enabled(sk, CGROUP_INET_INGRESS)) \ 199 + cgroup_bpf_sock_enabled(sk, CGROUP_INET_INGRESS) && sk && \ 200 + sk_fullsock(sk)) \ 200 201 __ret = __cgroup_bpf_run_filter_skb(sk, skb, \ 201 202 CGROUP_INET_INGRESS); \ 202 203 \

-3

kernel/bpf/cgroup.c

··· 1364 1364 struct cgroup *cgrp; 1365 1365 int ret; 1366 1366 1367 - if (!sk || !sk_fullsock(sk)) 1368 - return 0; 1369 - 1370 1367 if (sk->sk_family != AF_INET && sk->sk_family != AF_INET6) 1371 1368 return 0; 1372 1369