Date:   Mon, 4 Feb 2019 21:23:10 +0100
From:   Daniel Borkmann <daniel@...earbox.net>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>,
        Yafang Shao <laoar.shao@...il.com>
Cc:     kafai@...com, brakmo@...com, ast@...nel.org,
        netdev@...r.kernel.org, shaoyafang@...iglobal.com
Subject: Re: [PATCH bpf-next] bpf: support SO_DEBUG in bpf_setsockopt()

On 02/04/2019 06:35 PM, Alexei Starovoitov wrote:
> On Sun, Feb 03, 2019 at 04:15:07PM +0800, Yafang Shao wrote:
>> Then we can enable/disable socket debugging without modifying user code.
>> That is more convenient for debugging.
>>
>> Signed-off-by: Yafang Shao <laoar.shao@...il.com>
>> ---
>>  include/net/sock.h | 8 ++++++++
>>  net/core/filter.c  | 3 +++
>>  net/core/sock.c    | 8 --------
>>  3 files changed, 11 insertions(+), 8 deletions(-)
>>
>> diff --git a/include/net/sock.h b/include/net/sock.h
>> index 2b229f7..8decee9 100644
>> --- a/include/net/sock.h
>> +++ b/include/net/sock.h
>> @@ -1935,6 +1935,14 @@ static inline void sock_confirm_neigh(struct sk_buff *skb, struct neighbour *n)
>>  	}
>>  }
>>  
>> +static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
>> +{
>> +	if (valbool)
>> +		sock_set_flag(sk, bit);
>> +	else
>> +		sock_reset_flag(sk, bit);
>> +}
>> +
>>  bool sk_mc_loop(struct sock *sk);
>>  
>>  static inline bool sk_can_gso(const struct sock *sk)
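
Review bot: In the helper added to include/net/sock.h, `bit` is declared as plain `int` even though it is forwarded unchanged to `sock_set_flag()`/`sock_reset_flag()`, and the one caller visible in this patch passes `SOCK_DBG`. Now that the function is exposed to every includer of sock.h, typing the parameter as `enum sock_flags` (and `valbool` as `bool`) would keep a stray integer from silently toggling an unrelated socket flag. The commit message also never mentions that the helper is being moved out of net/core/sock.c, which the diffstat (8 lines added here, 8 removed there) implies; one sentence saying so would help.
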
>> diff --git a/net/core/filter.c b/net/core/filter.c
>> index 3a49f68..ce5da57 100644
>> --- a/net/core/filter.c
>> +++ b/net/core/filter.c
>> @@ -4111,6 +4111,9 @@ static unsigned long bpf_xdp_copy(void *dst_buff, const void *src_buff,
>>  
>>  		/* Only some socketops are supported */
>>  		switch (optname) {
>> +		case SO_DEBUG:
>> +			sock_valbool_flag(sk, SOCK_DBG, val);
>> +			break;
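
Review bot: The new `case SO_DEBUG:` hands `val` straight to `sock_valbool_flag(sk, SOCK_DBG, val)` with no privilege check anywhere in the hunk. The regular setsockopt() path in net/core/sock.c refuses to enable SO_DEBUG without CAP_NET_ADMIN, so the commit message should state explicitly why the BPF path may skip that gate, or the equivalent check should be added here. The in-code comment "Only some socketops are supported" and the helper's documentation should also be updated to list SO_DEBUG.
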
> 
> I'm missing the point here.
> This flag has any effect only when SOCK_DEBUGGING is set.
> But it is off in distros.
> Since it's for custom debug kernel only why bother with
> setting the flag via bpf prog?

+1, this seems like some ancient debugging interface. Back at last netconf
there was a proposal [0] to have a tcp_stats(sk, TCP_MIB_...) API for MIB
counters such that this can be traced via BPF on a per-socket basis, for
example. Might be worthwhile to work in that direction instead and potentially
get rid of the SOCK_DEBUG() statements and convert (where appropriate) to
such an interface. Thoughts?

  [0] page 14, http://vger.kernel.org/netconf2018_files/BrendanGregg_netconf2018.pdf
