[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAADnVQ+e7P9SeDFUQ58tX8PAEf+bymWBXXboO+Qv8AO2DS5YWQ@mail.gmail.com>
Date: Thu, 11 Feb 2021 18:28:54 -0800
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Florent Revest <revest@...omium.org>
Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
KP Singh <kpsingh@...omium.org>,
Florent Revest <revest@...gle.com>,
Brendan Jackman <jackmanb@...omium.org>,
LKML <linux-kernel@...r.kernel.org>,
KP Singh <kpsingh@...nel.org>
Subject: Re: [PATCH bpf-next v7 2/5] bpf: Expose bpf_get_socket_cookie to
tracing programs
On Wed, Feb 10, 2021 at 3:14 AM Florent Revest <revest@...omium.org> wrote:
>
> +BPF_CALL_1(bpf_get_socket_ptr_cookie, struct sock *, sk)
> +{
> + return sk ? sock_gen_cookie(sk) : 0;
> +}
> +
> +const struct bpf_func_proto bpf_get_socket_ptr_cookie_proto = {
> + .func = bpf_get_socket_ptr_cookie,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> + .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
> +};
As Daniel pointed out there is an sk_destruct issue here, but I don't
think it's fair
to penalize this set and future similar patches. They don't make things worse.
The issue has been there for some time due to sk_storage in tracing and
other helpers. We need to come up with a holistic approach to solve it.
I suspect allow/deny lists will certainly make it better, but won't
really address it,
and will be fragile over long term.
I think tracing would need to be integrated with bpf_lsm and start relying
on security_*_free callbacks to cover this last 1%.
I think that would be a great topic for the next bpf office hours on Feb 25.
Powered by blists - more mailing lists