| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Dec 2017 14:59:40 +0100
From: Daniel Borkmann <daniel@...earbox.net>
To: Lawrence Brakmo <brakmo@...com>, netdev <netdev@...r.kernel.org>
Cc: Alexei Starovoitov <ast@...com>, Kernel Team <Kernel-team@...com>,
Blake Matheny <bmatheny@...com>,
Vlad Dumitrescu <vladum@...gle.com>
Subject: Re: [PATCH net-next] bpf: Add access to snd_cwnd and others in
sock_ops
On 12/05/2017 01:21 AM, Lawrence Brakmo wrote:
[...]
> Just a question for clarification: do you need to have this in
> the uapi struct as well? Meaning, do you have a specific use case
> where you do this check out of the BPF program given the below
> two snd_cwnd/srtt_us check this internally in the ctx rewrite?
>
> Although is_fullsock is checked internally, the bpf program may want to
> verify if a return value of zero is due to a non fullsock state. The issue is
> that there are some ops that are called from both active and passive paths
> so it is not possible to know just by the op type.
Ok, fair point. Patch applied to bpf-next, thanks Lawrence!
> Do you plan to reuse the ctx assignment also for bpf_setsockopt()
> and bpf_getsockopt() internally?
>
> If you mean, check is_fullsock instead of the call to sk_fullsock, then yes, it is
> a great idea. However, I would rather do it in another patch so we don’t delay
> this one (I have other things almost ready that depend on this patch).
That's fine by me.
Powered by blists - more mailing lists