lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c5c662c3-61db-404c-c60f-8b23c23a5a79@linux.dev>
Date: Wed, 11 Oct 2023 17:41:14 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Daan De Meyer <daan.j.demeyer@...il.com>,
 Kuniyuki Iwashima <kuniyu@...zon.com>
Cc: kernel-team@...a.com, netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v11 0/9] Add cgroup sockaddr hooks for unix
 sockets

On 10/11/23 11:51 AM, Daan De Meyer wrote:
> Changes since v10:
> 
> * Removed extra check from bpf_sock_addr_set_sun_path() again in favor of
>    calling unix_validate_addr() everywhere in af_unix.c before calling the hooks.
> 
> Changes since v9:
> 
> * Renamed bpf_sock_addr_set_unix_addr() to bpf_sock_addr_set_sun_path() and
>    rennamed arguments to match the new name.
> * Added an extra check to bpf_sock_addr_set_sun_path() to disallow changing the
>    address of an unnamed unix socket.
> * Removed unnecessary NULL check on uaddrlen in
>    __cgroup_bpf_run_filter_sock_addr().
> 

[ ... ]

> This patch series extends the cgroup sockaddr hooks to include support for unix
> sockets. To add support for unix sockets, struct bpf_sock_addr_kern is extended
> to expose the socket address length to the bpf program. Along with that, a new
> kfunc bpf_sock_addr_set_unix_addr() is added to safely allow modifying an
> AF_UNIX sockaddr from bpf programs.
> 
> I intend to use these new hooks in systemd to reimplement the LogNamespace=
> feature, which allows running multiple instances of systemd-journald to
> process the logs of different services. systemd-journald also processes
> syslog messages, so currently, using log namespaces means all services running
> in the same log namespace have to live in the same private mount namespace
> so that systemd can mount the journal namespace's associated syslog socket
> over /dev/log to properly direct syslog messages from all services running
> in that log namespace to the correct systemd-journald instance. We want to
> relax this requirement so that processes running in disjoint mount namespaces
> can still run in the same log namespace. To achieve this, we can use these
> new hooks to rewrite the socket address of any connect(), sendto(), ...
> syscalls to /dev/log to the socket address of the journal namespace's syslog
> socket instead, which will transparently do the redirection without requiring
> use of a mount namespace and mounting over /dev/log.
> 
> Aside from the above usecase, these hooks can more generally be used to
> transparently redirect unix sockets to different addresses as required by
> services.

I have changed to use the "uaddr" test in patch 2 per the discussion in v10.
Patch 4 in v11 was changed based on the discussion in v10 (call bpf after 
unix_validate_addr), so I carried Kuniyuki's reviewed-by tag from v9.

Applied. Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ