lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 3 Oct 2018 03:08:21 +0200
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Joe Stringer <joe@...d.net.nz>
Cc:     netdev@...r.kernel.org, ast@...nel.org, john.fastabend@...il.com,
        tgraf@...g.ch, kafai@...com, nitin.hande@...il.com,
        mauricio.vasquez@...ito.it
Subject: Re: [PATCHv4 bpf-next 00/13] Add socket lookup support

On 10/02/2018 10:35 PM, Joe Stringer wrote:
> This series proposes a new helper for the BPF API which allows BPF programs to
> perform lookups for sockets in a network namespace. This would allow programs
> to determine early on in processing whether the stack is expecting to receive
> the packet, and perform some action (eg drop, forward somewhere) based on this
> information.
> 
> The series is structured roughly into:
> * Misc refactor
> * Add the socket pointer type
> * Add reference tracking to ensure that socket references are freed
> * Extend the BPF API to add sk_lookup_xxx() / sk_release() functions
> * Add tests/documentation
> 
> The helper proposed in this series includes a parameter for a tuple which must
> be filled in by the caller to determine the socket to look up. The simplest
> case would be filling with the contents of the packet, ie mapping the packet's
> 5-tuple into the parameter. In common cases, it may alternatively be useful to
> reverse the direction of the tuple and perform a lookup, to find the socket
> that initiates this connection; and if the BPF program ever performs a form of
> IP address translation, it may further be useful to be able to look up
> arbitrary tuples that are not based upon the packet, but instead based on state
> held in BPF maps or hardcoded in the BPF program.
> 
> Currently, access into the socket's fields are limited to those which are
> otherwise already accessible, and are restricted to read-only access.
> 
> Changes since v3:
> * New patch: "bpf: Reuse canonical string formatter for ctx errs"
> * Add PTR_TO_SOCKET to is_ctx_reg().
> * Add a few new checks to prevent mixing of socket/non-socket pointers.
> * Swap order of checks in sock_filter_is_valid_access().
> * Prefix register spill macros with "bpf_".
> * Add acks from previous round
> * Rebase
> 
> Changes since v2:
> * New patch: "selftests/bpf: Generalize dummy program types".
>   This enables adding verifier tests for socket lookup with tail calls.
> * Define the semantics of the new helpers more clearly in uAPI header.
> * Fix release of caller_net when netns is not specified.
> * Use skb->sk to find caller net when skb->dev is unavailable.
> * Fix build with !CONFIG_NET.
> * Replace ptr_id defensive coding when releasing reference state with an
>   internal error (-EFAULT).
> * Remove flags argument to sk_release().
> * Add several new assembly tests suggested by Daniel.
> * Add a few new C tests.
> * Fix typo in verifier error message.
> 
> Changes since v1:
> * Limit netns_id field to 32 bits
> * Reuse reg_type_mismatch() in more places
> * Reduce the number of passes at convert_ctx_access()
> * Replace ptr_id defensive coding when releasing reference state with an
>   internal error (-EFAULT)
> * Rework 'struct bpf_sock_tuple' to allow passing a packet pointer
> * Allow direct packet access from helper
> * Fix compile error with CONFIG_IPV6 enabled
> * Improve commit messages
> 
> Changes since RFC:
> * Split up sk_lookup() into sk_lookup_tcp(), sk_lookup_udp().
> * Only take references on the socket when necessary.
>   * Make sk_release() only free the socket reference in this case.
> * Fix some runtime reference leaks:
>   * Disallow BPF_LD_[ABS|IND] instructions while holding a reference.
>   * Disallow bpf_tail_call() while holding a reference.
> * Prevent the same instruction being used for reference and other
>   pointer type.
> * Simplify locating copies of a reference during helper calls by caching
>   the pointer id from the caller.
> * Fix kbuild compilation warnings with particular configs.
> * Improve code comments describing the new verifier pieces.
> * Tested by Nitin
> 
> This tree is also available at:
> https://github.com/joestringer/linux/commits/submit/sk-lookup-v4
> 
> Joe Stringer (13):
>   bpf: Add iterator for spilled registers
>   bpf: Simplify ptr_min_max_vals adjustment
>   bpf: Reuse canonical string formatter for ctx errs
>   bpf: Generalize ptr_or_null regs check
>   bpf: Add PTR_TO_SOCKET verifier type
>   bpf: Macrofy stack state copy
>   bpf: Add reference tracking to verifier
>   bpf: Add helper to retrieve socket in BPF
>   selftests/bpf: Generalize dummy program types
>   selftests/bpf: Add tests for reference tracking
>   libbpf: Support loading individual progs
>   selftests/bpf: Add C tests for reference tracking
>   Documentation: Describe bpf reference tracking

Applied to bpf-next, thanks Joe!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ