| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87zhefqs9c.fsf@cloudflare.com>
Date: Wed, 22 Jan 2020 19:07:43 +0100
From: Jakub Sitnicki <jakub@...udflare.com>
To: Lorenz Bauer <lmb@...udflare.com>
Cc: bpf <bpf@...r.kernel.org>, Networking <netdev@...r.kernel.org>,
kernel-team <kernel-team@...udflare.com>,
Alexei Starovoitov <alexei.starovoitov@...il.com>,
Daniel Borkmann <daniel@...earbox.net>,
John Fastabend <john.fastabend@...il.com>,
Martin Lau <kafai@...com>
Subject: Re: [PATCH bpf-next v3 06/12] bpf, sockmap: Don't set up sockmap progs for listening sockets
On Wed, Jan 22, 2020 at 05:24 PM CET, Lorenz Bauer wrote:
> On Wed, 22 Jan 2020 at 13:06, Jakub Sitnicki <jakub@...udflare.com> wrote:
>> @@ -352,7 +376,15 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx,
>> if (!link)
>> return -ENOMEM;
>>
>> - ret = sock_map_link(map, &stab->progs, sk);
>> + /* Only established or almost established sockets leaving
>> + * SYN_RECV state need to hold refs to parser/verdict progs
>> + * and have their sk_data_ready and sk_write_space callbacks
>> + * overridden.
>> + */
>> + if (sk->sk_state == TCP_LISTEN)
>> + ret = sock_map_link_no_progs(map, sk);
>> + else
>> + ret = sock_map_link(map, &stab->progs, sk);
>
> Could you use sock_map_redirect_okay from the previous patch here
> instead of checking for TCP_LISTEN?
Makes sense. Queuing it for next iteration if more things pile up.
To give the rest of reviewers some context - Lorenz started looking at
adding bare-bones support for UDP to sockmap. Bare-bones meaning that
UDP sockets could be inserted/deleted into/from sockmap, but not spliced
with sockmap.
Being consistent about how we check if a socket can be used for splicing
will make extending it for UDP easier.
Thanks,
-jkbs
Powered by blists - more mailing lists