selftests/bpf: Selftest for sys_bind hooks

Add selftest to work with bpf_sock_addr context from
`BPF_PROG_TYPE_CGROUP_SOCK_ADDR` programs.

Try to bind(2) on IP:port and apply:
* loads to make sure context can be read correctly, including narrow
  loads (byte, half) for IP and full-size loads (word) for all fields;
* stores to those fields allowed by verifier.

All combination from IPv4/IPv6 and TCP/UDP are tested.

Both scenarios are tested:
* valid programs can be loaded and attached;
* invalid programs can be neither loaded nor attached.

Test passes when expected data can be read from context in the
BPF-program, and after the call to bind(2) socket is bound to IP:port
pair that was written by BPF-program to the context.

Example:
  # ./test_sock_addr
  Attached bind4 program.
  Test case #1 (IPv4/TCP):
          Requested: bind(192.168.1.254, 4040) ..
             Actual: bind(127.0.0.1, 4444)
  Test case #2 (IPv4/UDP):
          Requested: bind(192.168.1.254, 4040) ..
             Actual: bind(127.0.0.1, 4444)
  Attached bind6 program.
  Test case #3 (IPv6/TCP):
          Requested: bind(face:b00c:1234:5678::abcd, 6060) ..
             Actual: bind(::1, 6666)
  Test case #4 (IPv6/UDP):
          Requested: bind(face:b00c:1234:5678::abcd, 6060) ..
             Actual: bind(::1, 6666)
  ### SUCCESS

Signed-off-by: Andrey Ignatov <rdna@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

1 files changed, 23 insertions, 0 deletions

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index e1c1fed63396..f2120c5c0578 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -136,6 +136,7 @@ enum bpf_prog_type {
         BPF_PROG_TYPE_CGROUP_DEVICE,
         BPF_PROG_TYPE_SK_MSG,
         BPF_PROG_TYPE_RAW_TRACEPOINT,
+        BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
 };
 
 enum bpf_attach_type {
@@ -147,6 +148,8 @@ enum bpf_attach_type {
         BPF_SK_SKB_STREAM_VERDICT,
         BPF_CGROUP_DEVICE,
         BPF_SK_MSG_VERDICT,
+        BPF_CGROUP_INET4_BIND,
+        BPF_CGROUP_INET6_BIND,
         __MAX_BPF_ATTACH_TYPE
 };
 
@@ -1009,6 +1012,26 @@ struct bpf_map_info {
         __u64 netns_ino;
 } __attribute__((aligned(8)));
 
+/* User bpf_sock_addr struct to access socket fields and sockaddr struct passed
+ * by user and intended to be used by socket (e.g. to bind to, depends on
+ * attach attach type).
+ */
+struct bpf_sock_addr {
+        __u32 user_family;      /* Allows 4-byte read, but no write. */
+        __u32 user_ip4;         /* Allows 1,2,4-byte read and 4-byte write.
+                                 * Stored in network byte order.
+                                 */
+        __u32 user_ip6[4];      /* Allows 1,2,4-byte read an 4-byte write.
+                                 * Stored in network byte order.
+                                 */
+        __u32 user_port;        /* Allows 4-byte read and write.
+                                 * Stored in network byte order
+                                 */
+        __u32 family;           /* Allows 4-byte read, but no write */
+        __u32 type;             /* Allows 4-byte read, but no write */
+        __u32 protocol;         /* Allows 4-byte read, but no write */
+};
+
 /* User bpf_sock_ops struct to access socket values and specify request ops
  * and their replies.
  * Some of this fields are in network (bigendian) byte order and may need