Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Connectivity / 901db13423b8d260d12e2f40fa15e0878af4e4f6^1..901db13423b8d260d12e2f40fa15e0878af4e4f6 / .
commit901db13423b8d260d12e2f40fa15e0878af4e4f6[log] [tgz]
authorYuyang Huang <yuyanghuang@google.com>Wed Feb 07 20:06:02 2024 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Feb 07 20:06:02 2024 +0000
tree2fc18c33db66d15c26e337d5cbafd470de57a845
parent804aa2326d46f4c76db17d8c89cea58ed5f367a2 [diff]
parenta08846c6d30599db5756f9a8a3537e3c7497d7ea [diff]
Merge "netd.c: handle overflowuid in bpf_owner_match()" into main
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index f223dd1..1c84d63 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c

@@ -446,8 +446,18 @@
                                                       const struct egress_bool egress,
                                                       const bool enable_tracing,
                                                       const struct kver_uint kver) {
+    // sock_uid will be 'overflowuid' if !sk_fullsock(sk_to_full_sk(skb->sk))
     uint32_t sock_uid = bpf_get_socket_uid(skb);
-    uint64_t cookie = bpf_get_socket_cookie(skb);
+
+    // kernel's DEFAULT_OVERFLOWUID is 65534, this is the overflow 'nobody' uid,
+    // usually this being returned means that skb->sk is NULL during RX
+    // (early decap socket lookup failure), which commonly happens for incoming
+    // packets to an unconnected udp socket.
+    // But it can also happen for egress from a timewait socket.
+    // Let's treat such cases as 'root' which is_system_uid()
+    if (sock_uid == 65534) sock_uid = 0;
+
+    uint64_t cookie = bpf_get_socket_cookie(skb);  // 0 iff !skb->sk
     UidTagValue* utag = bpf_cookie_tag_map_lookup_elem(&cookie);
     uint32_t uid, tag;
     if (utag) {