netdev - [RFC PATCH 3/3] rds: invoke sk filter attached to rds socket

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:   Fri,  8 Jun 2018 23:00:07 +0200
From:   Tushar Dave <tushar.n.dave@...cle.com>
To:     netdev@...r.kernel.org, ast@...nel.org, daniel@...earbox.net,
        davem@...emloft.net, john.fastabend@...il.com,
        jakub.kicinski@...ronome.com, kafai@...com, rdna@...com,
        quentin.monnet@...ronome.com, brakmo@...com, acme@...hat.com
Subject: [RFC PATCH 3/3] rds: invoke sk filter attached to rds socket

RDS module sits on top of TCP (rds_tcp) and IB (rds_rdma), so messages
arrive in form of skb (over TCP) and scatterlist (over IB/RDMA).
However, because socket filter only deal with skb (e.g. struct skb as
bpf context) we can only use socket filter for rds_tcp and not for
rds_rdma. For that reason this patch invokes socket filter only for
rds socket with tcp transport e.g. rds_tcp.

note:
BTW, we dont want rds-core to be polluted by module-specific data
structures e.g. we included tcp.h to retrieve rds_tcp specific
structures. For non-RFC version we will add a way to get transport
specific indirections to get the skb.

Signed-off-by: Tushar Dave <tushar.n.dave@...cle.com>
Reviewed-by: Shannon Nelson <shannon.nelson@...cle.com>
Reviewed-by: Sowmini Varadhan <sowmini.varadhan@...cle.com>
---
 net/rds/recv.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/net/rds/recv.c b/net/rds/recv.c
index dc67458..3be9628 100644
--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -39,6 +39,7 @@
 #include <linux/rds.h>
 
 #include "rds.h"
+#include "tcp.h"
 
 void rds_inc_init(struct rds_incoming *inc, struct rds_connection *conn,
 		  __be32 saddr)
@@ -369,6 +370,22 @@ void rds_recv_incoming(struct rds_connection *conn, __be32 saddr, __be32 daddr,
 	/* We can be racing with rds_release() which marks the socket dead. */
 	sk = rds_rs_to_sk(rs);
 
+	if (rs->rs_transport->t_type == RDS_TRANS_TCP) {
+		struct sk_buff *skb;
+		struct sk_filter *filter = sk->sk_filter;
+		struct rds_tcp_incoming *tinc;
+
+		tinc = container_of(inc, struct rds_tcp_incoming, ti_inc);
+		skb = tinc->ti_skb_list.next;
+		rcu_read_lock();
+		filter = rcu_dereference(sk->sk_filter);
+		if (filter) {
+			bpf_compute_data_pointers(skb);
+			bpf_prog_run_save_cb(filter->prog, skb);
+		}
+		rcu_read_unlock();
+	}
+
 	/* serialize with rds_release -> sock_orphan */
 	write_lock_irqsave(&rs->rs_recv_lock, flags);
 	if (!sock_flag(sk, SOCK_DEAD)) {
-- 
1.8.3.1