lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 25 Jan 2018 23:38:48 +0800
From:   Yafang Shao <laoar.shao@...il.com>
To:     tj@...nel.org, guro@...com, davem@...emloft.net,
        longman@...hat.com, lizefan@...wei.com, hannes@...xchg.org
Cc:     cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
        Yafang Shao <laoar.shao@...il.com>
Subject: [PATCH bpf-next] cgroup: support attaching eBPF programs to net_prio cgroup

If net_prio is used, we could also use eBPF programs to attach it,
because the net_prio cgroup could be got with prioidx in struct
sock_cgroup_data.
Hence it should not only be limited to cgroup2.

Signed-off-by: Yafang Shao <laoar.shao@...il.com>
---
 include/linux/cgroup.h | 18 ++++++++++++++++--
 kernel/cgroup/cgroup.c |  6 +-----
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index 473e0c0..1d67def 100644
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -772,8 +772,22 @@ static inline struct cgroup *sock_cgroup_ptr(struct sock_cgroup_data *skcd)
 	 */
 	v = READ_ONCE(skcd->val);

-	if (v & 1)
-		return &cgrp_dfl_root.cgrp;
+	/* either net_prio or net_cls or both being used. */
+	if (v & 1) {
+		if (skcd->prioidx != 1) {
+			struct cgroup_subsys_state *css;
+			struct cgroup *cg;
+
+			rcu_read_lock();
+			css = css_from_id(skcd->prioidx, &net_prio_cgrp_subsys);
+			cg = css->cgroup;
+			rcu_read_unlock();
+
+			return cg;
+		}
+
+		return task_cgroup(current, net_prio_cgrp_id);
+	}

 	return (struct cgroup *)(unsigned long)v ?: &cgrp_dfl_root.cgrp;
 #else
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 7e4c445..59610f5 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5735,7 +5735,7 @@ struct cgroup *cgroup_get_from_path(const char *path)

 /**
  * cgroup_get_from_fd - get a cgroup pointer from a fd
- * @fd: fd obtained by open(cgroup2_dir)
+ * @fd: fd obtained by open(cgroup2_dir or net_prio_dir)
  *
  * Find the cgroup from a fd which should be obtained
  * by opening a cgroup directory.  Returns a pointer to the
@@ -5758,10 +5758,6 @@ struct cgroup *cgroup_get_from_fd(int fd)
 		return ERR_CAST(css);

 	cgrp = css->cgroup;
-	if (!cgroup_on_dfl(cgrp)) {
-		cgroup_put(cgrp);
-		return ERR_PTR(-EBADF);
-	}

 	return cgrp;
 }
--
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ