| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87im6n52zx.fsf@cloudflare.com>
Date: Fri, 19 Feb 2021 19:25:22 +0100
From: Jakub Sitnicki <jakub@...udflare.com>
To: Cong Wang <xiyou.wangcong@...il.com>
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org,
duanxiongchun@...edance.com, wangdongdong.6@...edance.com,
jiang.wang@...edance.com, Cong Wang <cong.wang@...edance.com>,
Daniel Borkmann <daniel@...earbox.net>,
Lorenz Bauer <lmb@...udflare.com>,
John Fastabend <john.fastabend@...il.com>
Subject: Re: [Patch bpf-next v4 1/5] bpf: clean up sockmap related Kconfigs
On Tue, Feb 16, 2021 at 07:42 AM CET, Cong Wang wrote:
> From: Cong Wang <cong.wang@...edance.com>
>
> As suggested by John, clean up sockmap related Kconfigs:
>
> Reduce the scope of CONFIG_BPF_STREAM_PARSER down to TCP stream
> parser, to reflect its name.
>
> Make the rest sockmap code simply depend on CONFIG_BPF_SYSCALL.
> And leave CONFIG_NET_SOCK_MSG untouched, as it is used by
> non-sockmap cases.
>
> Cc: Daniel Borkmann <daniel@...earbox.net>
> Cc: Jakub Sitnicki <jakub@...udflare.com>
> Reviewed-by: Lorenz Bauer <lmb@...udflare.com>
> Acked-by: John Fastabend <john.fastabend@...il.com>
> Signed-off-by: Cong Wang <cong.wang@...edance.com>
> ---
Sorry for the delay. There's a lot happening here. Took me a while to
dig through it.
I have a couple of nit-picks, which easily can be addressed as
follow-ups, and one comment.
sock_map_prog_update and sk_psock_done_strp are only used in
net/core/sock_map.c and can be static.
[...]
> diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c
> index bc7d2a586e18..b2c4865eb39b 100644
> --- a/net/ipv4/tcp_bpf.c
> +++ b/net/ipv4/tcp_bpf.c
> @@ -229,7 +229,6 @@ int tcp_bpf_sendmsg_redir(struct sock *sk, struct sk_msg *msg,
> }
> EXPORT_SYMBOL_GPL(tcp_bpf_sendmsg_redir);
>
> -#ifdef CONFIG_BPF_STREAM_PARSER
> static bool tcp_bpf_stream_read(const struct sock *sk)
> {
> struct sk_psock *psock;
> @@ -561,8 +560,10 @@ static void tcp_bpf_rebuild_protos(struct proto prot[TCP_BPF_NUM_CFGS],
> struct proto *base)
> {
> prot[TCP_BPF_BASE] = *base;
> +#if defined(CONFIG_BPF_SYSCALL)
> prot[TCP_BPF_BASE].unhash = sock_map_unhash;
> prot[TCP_BPF_BASE].close = sock_map_close;
> +#endif
> prot[TCP_BPF_BASE].recvmsg = tcp_bpf_recvmsg;
> prot[TCP_BPF_BASE].stream_memory_read = tcp_bpf_stream_read;
>
> @@ -629,4 +630,3 @@ void tcp_bpf_clone(const struct sock *sk, struct sock *newsk)
> if (prot == &tcp_bpf_prots[family][TCP_BPF_BASE])
> newsk->sk_prot = sk->sk_prot_creator;
> }
> -#endif /* CONFIG_BPF_STREAM_PARSER */
net/core/sock_map.o now is built only when CONFIG_BPF_SYSCALL is set.
While tcp_bpf_get_proto is only called from net/core/sock_map.o.
Seems there is no sense in compiling tcp_bpf_get_proto, and everything
it depends on which was enclosed by CONFIG_BPF_STREAM_PARSER check, when
CONFIG_BPF_SYSCALL is unset.
> diff --git a/net/ipv4/udp_bpf.c b/net/ipv4/udp_bpf.c
> index 7a94791efc1a..e635ccc175ca 100644
> --- a/net/ipv4/udp_bpf.c
> +++ b/net/ipv4/udp_bpf.c
> @@ -18,8 +18,10 @@ static struct proto udp_bpf_prots[UDP_BPF_NUM_PROTS];
> static void udp_bpf_rebuild_protos(struct proto *prot, const struct proto *base)
> {
> *prot = *base;
> +#if defined(CONFIG_BPF_SYSCALL)
> prot->unhash = sock_map_unhash;
> prot->close = sock_map_close;
> +#endif
> }
>
> static void udp_bpf_check_v6_needs_rebuild(struct proto *ops)
Same situation here but for udp_bpf_get_proto.
Powered by blists - more mailing lists