lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Oct 2020 13:04:39 +0200 From: Jakub Sitnicki <jakub@...udflare.com> To: John Fastabend <john.fastabend@...il.com> Cc: Alex Dewar <alex.dewar90@...il.com>, Daniel Borkmann <daniel@...earbox.net>, Lorenz Bauer <lmb@...udflare.com>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Alexei Starovoitov <ast@...nel.org>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, Andrii Nakryiko <andrii@...nel.org>, KP Singh <kpsingh@...omium.org>, netdev@...r.kernel.org, bpf@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] net: sockmap: Don't call bpf_prog_put() on NULL pointer On Thu, Oct 15, 2020 at 06:43 AM CEST, John Fastabend wrote: [...] > Jakub, any opinions on if we should just throw an error if users try to > add a sock to a map with a parser but no verdict? At the moment we fall > through and add the socket, but it wont do any receive parsing/verdict. > At the moment I think its fine with above fix. The useful cases for RX > are parser+verdict, verdict, and empty. Where empty is just used for > redirects or other socket account tricks. Just something to keep in mind. IMO we should not fail because map updates can interleave with sk_skb prog attachments, like so: update_map(map_fd, sock_fd); attach_prog(parser_fd, map_fd, BPF_SK_SKB_STREAM_PARSER); update_map(map_fd, sock_fd); // OK attach_prog(verdict_fd, map_fd, BPF_SK_SKB_STREAM_VERDICT); update_map(map_fd, sock_fd); In practice, I would expect one process/thread to attach the programs, while another is allowed to update the map at the same time.
Powered by blists - more mailing lists