lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 20 Dec 2023 10:06:39 -0500
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>, 
 Jörn-Thorben Hinz <jthinz@...lbox.tu-berlin.de>, 
 Arnd Bergmann <arnd@...db.de>, 
 Willem de Bruijn <willemdebruijn.kernel@...il.com>, 
 Thomas Lange <thomas@...elatus.se>, 
 Netdev <netdev@...r.kernel.org>, 
 Deepa Dinamani <deepa.kernel@...il.com>, 
 John Fastabend <john.fastabend@...il.com>
Subject: Re: net/core/sock.c lacks some SO_TIMESTAMPING_NEW support

Willem de Bruijn wrote:
> Jörn-Thorben Hinz wrote:
> > Hi Arnd,
> > 
> > thanks for indirectly pinging me here about the unfinished patches. I
> > kinda forgot about them over other things happening.
> > 
> > Happy to look back into them, it looks like it would be helpful to
> > apply them. Is it fine to just answer the remarks from earlier this
> > year, after a few months, in the same mail thread? Or preferable to
> > resubmit the series[1] first?
> 
> Please resubmit instead of reviving the old thread. Thanks for reviving
> that.
> 
> IIRC the only open item was to limit the new BPF user to the new API?
> That only applies to patch 2/2.
> 
> The missing sk_getsockopt SO_TIMESTAMPING_NEW might be breaking users,
> so is best sent stand-alone to net, rather than net-next.
> 
> > Thorben
> > 
> > [1]
> > https://lore.kernel.org/lkml/20230703175048.151683-1-jthinz@mailbox.tu-berlin.de/
> > 
> > On Wed, 2023-12-20 at 09:43 +0000, Arnd Bergmann wrote:
> > > On Wed, Dec 20, 2023, at 04:00, Willem de Bruijn wrote:
> > > > Thomas Lange wrote:
> > > > > diff --git a/net/core/sock.c b/net/core/sock.c
> > > > > index 16584e2dd648..a56ec1d492c9 100644
> > > > > --- a/net/core/sock.c
> > > > > +++ b/net/core/sock.c
> > > > > @@ -2821,6 +2821,7 @@ int __sock_cmsg_send(struct sock *sk,
> > > > > struct cmsghdr *cmsg,
> > > > >                  sockc->mark = *(u32 *)CMSG_DATA(cmsg);
> > > > >                  break;
> > > > >          case SO_TIMESTAMPING_OLD:
> > > > > +       case SO_TIMESTAMPING_NEW:
> > > > >                  if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
> > > > >                          return -EINVAL;
> > > > > 
> > > > > However, looking through the module, it seems that
> > > > > sk_getsockopt() has no
> > > > > support for SO_TIMESTAMPING_NEW either, but sk_setsockopt() has.
> > > > 
> > > > Good point. Adding the author to see if this was a simple oversight
> > > > or
> > > > there was a rationale at the time for leaving it out.
> > > 
> > > I'm fairly sure this was just a mistake on our side. For the cmsg
> > > case,
> > > I think we just missed it because there is no corresponding
> > > SO_TIMESTAMP{,NS}
> > > version of this, so it fell through the cracks.
> > > 
> > > In the patch above, I'm not entirely sure about what needs to happen
> > > with the old/new format, i.e. the
> > > 
> > >    sock_valbool_flag(sk, SOCK_TSTAMP_NEW, optname ==
> > > SO_TIMESTAMPING_NEW)
> > > 
> > > from setsockopt(). Is __sock_cmsg_send() allowed to turn on
> > > timestamping
> > > without it being first enabled using setsockopt()? If so, I think
> > > we need to set the flag here the same way that setsockopt does. If
> > > not, then I think we instead should check that the old/new format
> > > in the option sent via cmsg is the same that was set earlier with
> > > setsockopt.
> 
> __sock_cmsg_send can only modify a subset of the bits in the
> timestamping feature bitmap, so a call to setsockopt is still needed
> 
> But there is no ordering requirement, so the __sock_cmsg_send call can
> come before the setsockopt call. It would be odd, but the API allows it.

But no timestamp is returned unless setsockopt is called. So we can
continue to rely on that for selecting SOCK_TSTAMP_NEW.

Only question is whether the kernel needs to enfornce the two
operations to be consistent in their choice between NEW and OLD. I
don't think so. If they are not, this would be a weird, likely
deliberate, edge case. It only affects the data returned to the
process, not kernel integrity.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ