| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Apr 2023 18:55:39 -0700
From: Stanislav Fomichev <sdf@...gle.com>
To: Aleksandr Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
Cc: Eric Dumazet <edumazet@...gle.com>, davem@...emloft.net,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
daniel@...earbox.net, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Leon Romanovsky <leon@...nel.org>,
David Ahern <dsahern@...nel.org>,
Arnd Bergmann <arnd@...db.de>,
Kees Cook <keescook@...omium.org>,
Christian Brauner <brauner@...nel.org>,
Kuniyuki Iwashima <kuniyu@...zon.com>,
Lennart Poettering <mzxreary@...inter.de>,
linux-arch@...r.kernel.org
Subject: Re: [PATCH net-next v4 2/4] net: socket: add sockopts blacklist for
BPF cgroup hook
On 04/13, Stanislav Fomichev wrote:
> On Thu, Apr 13, 2023 at 7:38 AM Aleksandr Mikhalitsyn
> <aleksandr.mikhalitsyn@...onical.com> wrote:
> >
> > On Thu, Apr 13, 2023 at 4:22 PM Eric Dumazet <edumazet@...gle.com> wrote:
> > >
> > > On Thu, Apr 13, 2023 at 3:35 PM Alexander Mikhalitsyn
> > > <aleksandr.mikhalitsyn@...onical.com> wrote:
> > > >
> > > > During work on SO_PEERPIDFD, it was discovered (thanks to Christian),
> > > > that bpf cgroup hook can cause FD leaks when used with sockopts which
> > > > install FDs into the process fdtable.
> > > >
> > > > After some offlist discussion it was proposed to add a blacklist of
> > >
> > > We try to replace this word by either denylist or blocklist, even in changelogs.
> >
> > Hi Eric,
> >
> > Oh, I'm sorry about that. :( Sure.
> >
> > >
> > > > socket options those can cause troubles when BPF cgroup hook is enabled.
> > > >
> > >
> > > Can we find the appropriate Fixes: tag to help stable teams ?
> >
> > Sure, I will add next time.
> >
> > Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks")
> >
> > I think it's better to add Stanislav Fomichev to CC.
>
> Can we use 'struct proto' bpf_bypass_getsockopt instead? We already
> use it for tcp zerocopy, I'm assuming it should work in this case as
> well?
Jakub reminded me of the other things I wanted to ask here bug forgot:
- setsockopt is probably not needed, right? setsockopt hook triggers
before the kernel and shouldn't leak anything
- for getsockopt, instead of bypassing bpf completely, should we instead
ignore the error from the bpf program? that would still preserve
the observability aspect
- or maybe we can even have a per-proto bpf_getsockopt_cleanup call that
gets called whenever bpf returns an error to make sure protocols have
a chance to handle that condition (and free the fd)
> > Kind regards,
> > Alex
> >
> > >
> > > > Cc: "David S. Miller" <davem@...emloft.net>
> > > > Cc: Eric Dumazet <edumazet@...gle.com>
> > > > Cc: Jakub Kicinski <kuba@...nel.org>
> > > > Cc: Paolo Abeni <pabeni@...hat.com>
> > > > Cc: Leon Romanovsky <leon@...nel.org>
> > > > Cc: David Ahern <dsahern@...nel.org>
> > > > Cc: Arnd Bergmann <arnd@...db.de>
> > > > Cc: Kees Cook <keescook@...omium.org>
> > > > Cc: Christian Brauner <brauner@...nel.org>
> > > > Cc: Kuniyuki Iwashima <kuniyu@...zon.com>
> > > > Cc: Lennart Poettering <mzxreary@...inter.de>
> > > > Cc: linux-kernel@...r.kernel.org
> > > > Cc: netdev@...r.kernel.org
> > > > Cc: linux-arch@...r.kernel.org
> > > > Suggested-by: Daniel Borkmann <daniel@...earbox.net>
> > > > Suggested-by: Christian Brauner <brauner@...nel.org>
> > > > Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com>
> > >
> > > Thanks.
Powered by blists - more mailing lists