| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQ+rD+7fAsLZT4pG7AN4iO7-dQ+3adw0tBhrf8TGbtLjtA@mail.gmail.com>
Date: Fri, 17 Jul 2020 09:13:07 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Christoph Hellwig <hch@....de>, Stanislav Fomichev <sdf@...gle.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
"David S. Miller" <davem@...emloft.net>,
Network Development <netdev@...r.kernel.org>,
bpf <bpf@...r.kernel.org>
Subject: Re: how is the bpfilter sockopt processing supposed to work
On Thu, Jul 16, 2020 at 10:52 PM Christoph Hellwig <hch@....de> wrote:
>
> Hi Alexei,
>
> I've just been auditing the sockopt code, and bpfilter looks really
> odd. Both getsockopts and setsockopt eventually end up
> in__bpfilter_process_sockopt, which then passes record to the
> userspace helper containing the address of the optval buffer.
> Which depending on bpf-cgroup might be in user or kernel space.
> But even if it is in userspace it would be in a different process
> than the bpfiler helper. What makes all this work?
Hmm. Good point. bpfilter assumes user addresses. It will break
if bpf cgroup sockopt messes with it.
We had a different issue with bpf-cgroup-sockopt and iptables in the past.
Probably the easiest way forward is to special case this particular one.
With your new series is there a way to tell in bpfilter_ip_get_sockopt()
whether addr is kernel or user? And if it's the kernel just return with error.
Powered by blists - more mailing lists