[PATCH bpf-next v8 1/4] bpf: Add update_socket_protocol hook

Geliang Tang geliang.tang at suse.com
Thu Aug 3 13:05:40 UTC 2023


On Thu, Aug 03, 2023 at 02:53:38PM +0200, Simon Horman wrote:
> On Thu, Aug 03, 2023 at 03:30:39PM +0800, Geliang Tang wrote:
> > Add a hook named update_socket_protocol in __sys_socket(), for bpf
> > progs to attach to and update socket protocol. One use case is to
> > force legacy TCP apps to create and use MPTCP sockets instead of
> > TCP ones.
> > 
> > Define a mod_ret set named bpf_mptcp_fmodret_ids, add the hook
> > update_socket_protocol into this set, and register it in
> > bpf_mptcp_kfunc_init().
> > 
> > Signed-off-by: Geliang Tang <geliang.tang at suse.com>
> 
> ...
> 
> > diff --git a/net/socket.c b/net/socket.c
> > index 2b0e54b2405c..586a437d7a5e 100644
> > --- a/net/socket.c
> > +++ b/net/socket.c
> > @@ -1644,11 +1644,36 @@ struct file *__sys_socket_file(int family, int type, int protocol)
> >  	return sock_alloc_file(sock, flags, NULL);
> >  }
> >  
> > +/**
> 
> Hi Geliang Tang,
> 
> nit: The format of the text below is not in kernel doc format,
>      so it is probably better if the comment begins with '/*'
>      rather than '/**'.

I did use '/*' here first, but got a checkpatch.pl warning:

  ./scripts/checkpatch.pl v8-0001-bpf-Add-update_socket_protocol-hook.patch 
  WARNING: networking block comments don't use an empty /* line, use /* Comment...
  #63: FILE: net/socket.c:1648:
  +/*
  + *	A hook for bpf progs to attach to and update socket protocol.

  total: 0 errors, 1 warnings, 0 checks, 59 lines checked

And I found that other comments in net/socket.c all begin with '/**'.
So I use '/**' here too.

Thanks,
-Geliang

> 
> > + *	A hook for bpf progs to attach to and update socket protocol.
> > + *
> > + *	A static noinline declaration here could cause the compiler to
> > + *	optimize away the function. A global noinline declaration will
> > + *	keep the definition, but may optimize away the callsite.
> > + *	Therefore, __weak is needed to ensure that the call is still
> > + *	emitted, by telling the compiler that we don't know what the
> > + *	function might eventually be.
> > + *
> > + *	__diag_* below are needed to dismiss the missing prototype warning.
> > + */
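
Review bot: The comment opening this hunk uses '/**' although its body is not in kernel-doc form (no function-name line, no parameter or return description), so kernel-doc tooling will treat it as a malformed doc block. The checkpatch warning quoted in the reply objects only to an empty '/*' opening line, so putting the first sentence on the opening line, as in '/* A hook for bpf progs to attach to and update socket protocol.', would address both. Separately, the comment lines shown explain why __weak and __diag_* are needed but say nothing about the hook's contract: what the return value means to the caller and which values an attached program is expected to return. Since the commit message says the hook lets a BPF program change the protocol of a socket being created, a sentence documenting that contract would help anyone auditing programs attached here.
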
> 
> ...
