bpf, net: Avoid loading module when calling bpf_setsockopt(TCP_CONGESTION)

When bpf prog changes tcp-cc by calling bpf_setsockopt(TCP_CONGESTION),
it should not try to load module which may be a blocking operation.
This details was correct in the v1 [0] but missed by mistake in the
later revision in commit cb388e7ee3a8 ("bpf: net: Change do_tcp_setsockopt()
to use the sockopt's lock_sock() and capable()"). This patch fixes it by
checking the has_current_bpf_ctx().

  [0] https://lore.kernel.org/bpf/20220727060921.2373314-1-kafai@fb.com/

Fixes: cb388e7ee3a8 ("bpf: net: Change do_tcp_setsockopt() to use the sockopt's lock_sock() and capable()")
Signed-off-by: Martin KaFai Lau <martin.lau@linux.dev>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20220830231946.791504-1-martin.lau@linux.dev

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index a6986f201f923231cbb93bf70eafddba293d9dad..f0d79ea45ac8ddd03e07d2adcca062bacfbde62f 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -3503,7 +3503,7 @@ int do_tcp_setsockopt(struct sock *sk, int level, int optname,
                name[val] = 0;
 
                sockopt_lock_sock(sk);
-               err = tcp_set_congestion_control(sk, name, true,
+               err = tcp_set_congestion_control(sk, name, !has_current_bpf_ctx(),
                                                 sockopt_ns_capable(sock_net(sk)->user_ns,
                                                                    CAP_NET_ADMIN));
                sockopt_release_sock(sk);