Skip to content

Commit 8768770

Browse files
axboeaxboe
committed
io_uring/bpf_filter: allow filtering on contents of struct open_how
This adds custom filtering for IORING_OP_OPENAT and IORING_OP_OPENAT2, where the open_how flags, mode, and resolve can be checked by filters. Signed-off-by: Jens Axboe <axboe@kernel.dk>
1 parent cff1c26 commit 8768770

File tree

4 files changed

+23
-0
lines changed

4 files changed

+23
-0
lines changed

include/uapi/linux/io_uring/bpf_filter.h

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,11 @@ struct io_uring_bpf_ctx {
2222
__u32 type;
2323
__u32 protocol;
2424
} socket;
25+
struct {
26+
__u64 flags;
27+
__u64 mode;
28+
__u64 resolve;
29+
} open;
2530
};
2631
};
2732

io_uring/bpf_filter.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
#include "io_uring.h"
1313
#include "bpf_filter.h"
1414
#include "net.h"
15+
#include "openclose.h"
1516

1617
struct io_bpf_filter {
1718
struct bpf_prog *prog;
@@ -40,6 +41,11 @@ static void io_uring_populate_bpf_ctx(struct io_uring_bpf_ctx *bctx,
4041
bctx->pdu_size = sizeof(bctx->socket);
4142
io_socket_bpf_populate(bctx, req);
4243
break;
44+
case IORING_OP_OPENAT:
45+
case IORING_OP_OPENAT2:
46+
bctx->pdu_size = sizeof(bctx->open);
47+
io_openat_bpf_populate(bctx, req);
48+
break;
4349
}
4450
}
4551

io_uring/openclose.c

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -85,6 +85,15 @@ static int __io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe
8585
return 0;
8686
}
8787

88+
void io_openat_bpf_populate(struct io_uring_bpf_ctx *bctx, struct io_kiocb *req)
89+
{
90+
struct io_open *open = io_kiocb_to_cmd(req, struct io_open);
91+
92+
bctx->open.flags = open->how.flags;
93+
bctx->open.mode = open->how.mode;
94+
bctx->open.resolve = open->how.resolve;
95+
}
96+
8897
int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
8998
{
9099
struct io_open *open = io_kiocb_to_cmd(req, struct io_open);

io_uring/openclose.h

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,14 @@
11
// SPDX-License-Identifier: GPL-2.0
22

3+
#include "bpf_filter.h"
4+
35
int __io_close_fixed(struct io_ring_ctx *ctx, unsigned int issue_flags,
46
unsigned int offset);
57

68
int io_openat_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
79
int io_openat(struct io_kiocb *req, unsigned int issue_flags);
810
void io_open_cleanup(struct io_kiocb *req);
11+
void io_openat_bpf_populate(struct io_uring_bpf_ctx *bctx, struct io_kiocb *req);
912

1013
int io_openat2_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe);
1114
int io_openat2(struct io_kiocb *req, unsigned int issue_flags);

0 commit comments

Comments
 (0)