| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DB7C8DF2-3567-4715-9793-56639F379B8F@fb.com>
Date: Wed, 24 Jan 2018 01:30:54 +0000
From: Lawrence Brakmo <brakmo@...com>
To: Daniel Borkmann <daniel@...earbox.net>,
netdev <netdev@...r.kernel.org>
CC: Kernel Team <Kernel-team@...com>, Blake Matheny <bmatheny@...com>,
"Alexei Starovoitov" <ast@...com>,
Eric Dumazet <eric.dumazet@...il.com>,
"Neal Cardwell" <ncardwell@...gle.com>,
Yuchung Cheng <ycheng@...gle.com>
Subject: Re: [PATCH bpf-next v6 04/11] bpf: Support passing args to sock_ops
bpf function
On 1/23/18, 5:11 PM, "Daniel Borkmann" <daniel@...earbox.net> wrote:
On 01/20/2018 02:45 AM, Lawrence Brakmo wrote:
> Adds support for passing up to 4 arguments to sock_ops bpf functions. It
> reusues the reply union, so the bpf_sock_ops structures are not
> increased in size.
>
> Signed-off-by: Lawrence Brakmo <brakmo@...com>
> ---
> include/linux/filter.h | 1 +
> include/net/tcp.h | 64 ++++++++++++++++++++++++++++++++++++++++++++----
> include/uapi/linux/bpf.h | 5 ++--
> net/ipv4/tcp.c | 2 +-
> net/ipv4/tcp_nv.c | 2 +-
> net/ipv4/tcp_output.c | 2 +-
> 6 files changed, 66 insertions(+), 10 deletions(-)
>
> diff --git a/include/linux/filter.h b/include/linux/filter.h
> index daa5a67..20384c4 100644
> --- a/include/linux/filter.h
> +++ b/include/linux/filter.h
> @@ -1003,6 +1003,7 @@ struct bpf_sock_ops_kern {
> struct sock *sk;
> u32 op;
> union {
> + u32 args[4];
> u32 reply;
> u32 replylong[4];
> };
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 108d16a..8e9111f 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -2005,7 +2005,7 @@ void tcp_cleanup_ulp(struct sock *sk);
> * program loaded).
> */
> #ifdef CONFIG_BPF
> -static inline int tcp_call_bpf(struct sock *sk, int op)
> +static inline int tcp_call_bpf(struct sock *sk, int op, u32 nargs, u32 *args)
> {
> struct bpf_sock_ops_kern sock_ops;
> int ret;
> @@ -2018,6 +2018,8 @@ static inline int tcp_call_bpf(struct sock *sk, int op)
>
> sock_ops.sk = sk;
> sock_ops.op = op;
> + if (nargs > 0)
> + memcpy(sock_ops.args, args, nargs*sizeof(u32));
Small nit given respin: nargs * sizeof(*args)
Thanks, will fix.
> ret = BPF_CGROUP_RUN_PROG_SOCK_OPS(&sock_ops);
> if (ret == 0)
> @@ -2026,18 +2028,70 @@ static inline int tcp_call_bpf(struct sock *sk, int op)
> ret = -1;
> return ret;
> }
> +
> +static inline int tcp_call_bpf_1arg(struct sock *sk, int op, u32 arg)
> +{
> + return tcp_call_bpf(sk, op, 1, &arg);
> +}
> +
> +static inline int tcp_call_bpf_2arg(struct sock *sk, int op, u32 arg1, u32 arg2)
> +{
> + u32 args[2] = {arg1, arg2};
> +
> + return tcp_call_bpf(sk, op, 2, args);
> +}
> +
> +static inline int tcp_call_bpf_3arg(struct sock *sk, int op, u32 arg1, u32 arg2,
> + u32 arg3)
> +{
> + u32 args[3] = {arg1, arg2, arg3};
> +
> + return tcp_call_bpf(sk, op, 3, args);
> +}
> +
> +static inline int tcp_call_bpf_4arg(struct sock *sk, int op, u32 arg1, u32 arg2,
> + u32 arg3, u32 arg4)
> +{
> + u32 args[4] = {arg1, arg2, arg3, arg4};
> +
> + return tcp_call_bpf(sk, op, 4, args);
> +}
> +
> #else
> -static inline int tcp_call_bpf(struct sock *sk, int op)
> +static inline int tcp_call_bpf(struct sock *sk, int op, u32 nargs, u32 *args)
> {
> return -EPERM;
> }
> +
> +static inline int tcp_call_bpf_1arg(struct sock *sk, int op, u32 arg)
> +{
> + return -EPERM;
> +}
> +
> +static inline int tcp_call_bpf_2arg(struct sock *sk, int op, u32 arg1, u32 arg2)
> +{
> + return -EPERM;
> +}
> +
> +static inline int tcp_call_bpf_3arg(struct sock *sk, int op, u32 arg1, u32 arg2,
> + u32 arg3)
indent: arg3
OK
> +{
> + return -EPERM;
> +}
> +
> +static inline int tcp_call_bpf_4arg(struct sock *sk, int op, u32 arg1, u32 arg2,
> + u32 arg3, u32 arg4)
> +{
> + return -EPERM;
> +}
> +
> #endif
tcp_call_bpf_1arg() and tcp_call_bpf_4arg() unused for the time being?
Yes, I just thought I should add them for completeness. Should I remove them until
they are actually used?
Powered by blists - more mailing lists