lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <8a81f13f-c877-435c-9887-732b20a7d827@linux.dev>
Date: Mon, 30 Sep 2024 19:27:46 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Feng zhou <zhoufeng.zf@...edance.com>
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
 eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev,
 john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
 haoluo@...gle.com, jolsa@...nel.org, davem@...emloft.net,
 edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, mykolal@...com,
 shuah@...nel.org, alan.maguire@...cle.com, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
 linux-kselftest@...r.kernel.org, yangzhenze@...edance.com,
 wangdongdong.6@...edance.com
Subject: Re: [PATCH bpf-next v3 1/2] bpf: Fix bpf_get/setsockopt to tos not
 take effect when TCP over IPv4 via INET6 API

On 9/14/24 3:32 AM, Feng zhou wrote:
> From: Feng Zhou <zhoufeng.zf@...edance.com>
> 
> when TCP over IPv4 via INET6 API, bpf_get/setsockopt with ipv4 will

I think you meant bpf_get/setsockopt with SOL_IP will fail. so s/ipv4/SOL_IP/?

> fail, because sk->sk_family is AF_INET6. With ipv6 will success, not
> take effect, because inet_csk(sk)->icsk_af_ops is ipv6_mapped and
> use ip_queue_xmit, inet_sk(sk)->tos.

Change lgtm.

Patch 2 has a conflict, so can you please reword this commit message to reflect 
the latest change. e.g. afaik, this is no longer specific to mapped address or not.

> 
> Bpf_get/setsockopt use sk_is_inet() helper to fix this case.
> 
> Signed-off-by: Feng Zhou <zhoufeng.zf@...edance.com>
> ---
>   net/core/filter.c | 7 ++++++-
>   1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/net/core/filter.c b/net/core/filter.c
> index e4a4454df5f9..90f4dbb8d2b5 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -5399,7 +5399,12 @@ static int sol_ip_sockopt(struct sock *sk, int optname,
>   			  char *optval, int *optlen,
>   			  bool getopt)
>   {
> -	if (sk->sk_family != AF_INET)
> +
> +	/*
> +	 * SOL_IP socket options are available on AF_INET and AF_INET6, for
> +	 * example, TCP over IPv4 via INET6 API.
> +	 */
> +	if (!sk_is_inet(sk))
>   		return -EINVAL;
>   
>   	switch (optname) {

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ