| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <YRbittzJQjF/KqKU@google.com>
Date: Fri, 13 Aug 2021 14:23:02 -0700
From: sdf@...gle.com
To: Martin KaFai Lau <kafai@...com>
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org
Subject: Re: [PATCH bpf-next v2 1/2] bpf: Allow bpf_get_netns_cookie in BPF_PROG_TYPE_CGROUP_SOCKOPT
On 08/13, Martin KaFai Lau wrote:
> On Thu, Aug 12, 2021 at 08:30:10AM -0700, Stanislav Fomichev wrote:
> > This is similar to existing BPF_PROG_TYPE_CGROUP_SOCK
> > and BPF_PROG_TYPE_CGROUP_SOCK_ADDR.
> >
> > Signed-off-by: Stanislav Fomichev <sdf@...gle.com>
> > ---
> > kernel/bpf/cgroup.c | 19 +++++++++++++++++++
> > 1 file changed, 19 insertions(+)
> >
> > diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
> > index b567ca46555c..ca5af8852260 100644
> > --- a/kernel/bpf/cgroup.c
> > +++ b/kernel/bpf/cgroup.c
> > @@ -1846,11 +1846,30 @@ const struct bpf_verifier_ops
> cg_sysctl_verifier_ops = {
> > const struct bpf_prog_ops cg_sysctl_prog_ops = {
> > };
> >
> > +#ifdef CONFIG_NET
> > +BPF_CALL_1(bpf_get_netns_cookie_sockopt, struct bpf_sockopt_kern *,
> ctx)
> > +{
> > + struct sock *sk = ctx ? ctx->sk : NULL;
> > + const struct net *net = sk ? sock_net(sk) : &init_net;
> A nit.
> ctx->sk can not be NULL here, so it only depends on ctx is NULL or not.
> If I read it correctly, would it be less convoluted to directly test ctx
> and use ctx->sk here, like:
> const struct net *net = ctx ? sock_net(ctx->sk) : &init_net;
> and the previous "struct sock *sk = ctx ? ctx->sk : NULL;" statement
> can also be removed.
Agreed, makes sense. Let me also add bpf_get_netns_cookie to some
existing BPF prog to make sure it's executed. That ctx.c isn't
really running the prog..
Powered by blists - more mailing lists