lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 6 Jul 2023 09:11:15 +0100
From: Lorenz Bauer <lmb@...valent.com>
To: Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, 
	daniel@...earbox.net, davem@...emloft.net, dsahern@...nel.org, 
	edumazet@...gle.com, haoluo@...gle.com, hemanthmalla@...il.com, joe@...ium.io, 
	joe@...d.net.nz, john.fastabend@...il.com, jolsa@...nel.org, 
	kpsingh@...nel.org, kuba@...nel.org, linux-kernel@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, martin.lau@...ux.dev, mykolal@...com, 
	netdev@...r.kernel.org, pabeni@...hat.com, sdf@...gle.com, shuah@...nel.org, 
	song@...nel.org, willemdebruijn.kernel@...il.com, yhs@...com
Subject: Re: [PATCH bpf-next v4 6/7] bpf, net: Support SO_REUSEPORT sockets
 with bpf_sk_assign

On Thu, Jul 6, 2023 at 1:41 AM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
>
> Sorry for late reply.
>
> What we know about sk before inet6?_lookup_reuseport() are
>
>   (1) sk was full socket in bpf_sk_assign()
>   (2) sk had SOCK_RCU_FREE in bpf_sk_assign()
>   (3) sk was TCP_LISTEN here if TCP

Are we looking at the same bpf_sk_assign? Confusingly there are two
very similarly named functions. The one we care about is:

BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags)
{
    if (!sk || flags != 0)
        return -EINVAL;
    if (!skb_at_tc_ingress(skb))
        return -EOPNOTSUPP;
    if (unlikely(dev_net(skb->dev) != sock_net(sk)))
        return -ENETUNREACH;
    if (sk_is_refcounted(sk) &&
        unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
        return -ENOENT;

    skb_orphan(skb);
    skb->sk = sk;
    skb->destructor = sock_pfree;

    return 0;
}

>From this we can't tell what state the socket is in or whether it is
RCU freed or not.

Thanks
Lorenz

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ