lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <e7903094-37aa-e321-c04d-a3026f1904db@iogearbox.net>
Date:   Wed, 9 Dec 2020 09:29:05 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Florent Revest <revest@...omium.org>, bpf@...r.kernel.org
Cc:     ast@...nel.org, andrii@...nel.org, kpsingh@...omium.org,
        revest@...gle.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH bpf-next v2 1/3] bpf: Expose bpf_get_socket_cookie to
 tracing programs

On 12/8/20 8:30 PM, Florent Revest wrote:
> On Fri, 2020-12-04 at 20:03 +0100, Daniel Borkmann wrote:
>> On 12/4/20 7:56 PM, Daniel Borkmann wrote:
>>> On 12/3/20 10:33 PM, Florent Revest wrote:
>>>> This creates a new helper proto because the existing
>>>> bpf_get_socket_cookie_sock_proto has a ARG_PTR_TO_CTX argument
>>>> and only
>>>> works for BPF programs where the context is a sock.
>>>>
>>>> This helper could also be useful to other BPF program types such
>>>> as LSM.
>>>>
>>>> Signed-off-by: Florent Revest <revest@...gle.com>
>>>> ---
>>>>    include/uapi/linux/bpf.h       | 7 +++++++
>>>>    kernel/trace/bpf_trace.c       | 4 ++++
>>>>    net/core/filter.c              | 7 +++++++
>>>>    tools/include/uapi/linux/bpf.h | 7 +++++++
>>>>    4 files changed, 25 insertions(+)
>>>>
>>>> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
>>>> index c3458ec1f30a..3e0e33c43998 100644
>>>> --- a/include/uapi/linux/bpf.h
>>>> +++ b/include/uapi/linux/bpf.h
>>>> @@ -1662,6 +1662,13 @@ union bpf_attr {
>>>>     *     Return
>>>>     *         A 8-byte long non-decreasing number.
>>>>     *
>>>> + * u64 bpf_get_socket_cookie(void *sk)
>>>> + *     Description
>>>> + *         Equivalent to **bpf_get_socket_cookie**\ () helper
>>>> that accepts
>>>> + *         *sk*, but gets socket from a BTF **struct sock**.
>>>> + *     Return
>>>> + *         A 8-byte long non-decreasing number.
>>>
>>> I would not mention this here since it's not fully correct and we
>>> should avoid users taking non-decreasing granted in their progs.
>>> The only assumption you can make is that it can be considered a
>>> unique number. See also [0] with reverse counter..
>>>
>>>     [0]
>>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=92acdc58ab11af66fcaef485433fde61b5e32fac
> 
> Ah this is a good point, thank you! I will send a v3 with an extra
> patch that s/non-decreasing/unique/ in the other descriptions. I had
> not given it any extra thought, I just stupidly copied/pasted existing
> descriptions. :)
> 
>> One more thought, in case you plan to use this from sleepable
>> context, you would need to use sock_gen_cookie() variant in the BPF
>> helper instead.
> 
> Out of curiosity, why don't we just always call sock_gen_cookie? Is it
> to avoid the performance impact of increasing the preempt counter and
> introducing a memory barriers ?

Yes, all the other contexts where the existing helpers are used already have
preemption disabled, so the extra preempt_{disable,enable}() is unnecessary
overhead given we want the cookie generation be efficient.

Thanks,
Daniel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ