lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANn89i+ZsktuirATK0nhUmJu+TiqB9Kbozh+HhmCiP3qdnW3Ew@mail.gmail.com>
Date: Fri, 23 Aug 2024 15:35:43 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: Feng zhou <zhoufeng.zf@...edance.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, ast@...nel.org, 
	daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev, 
	eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev, 
	john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me, 
	haoluo@...gle.com, jolsa@...nel.org, dsahern@...nel.org, 
	netdev@...r.kernel.org, linux-kernel@...r.kernel.org, bpf@...r.kernel.org, 
	yangzhenze@...edance.com, wangdongdong.6@...edance.com
Subject: Re: [PATCH bpf-next v2] bpf: Fix bpf_get/setsockopt to tos not take
 effect when TCP over IPv4 via INET6 API

On Fri, Aug 23, 2024 at 10:53 AM Feng zhou <zhoufeng.zf@...edance.com> wrote:
>
> From: Feng Zhou <zhoufeng.zf@...edance.com>
>
> when TCP over IPv4 via INET6 API, bpf_get/setsockopt with ipv4 will
> fail, because sk->sk_family is AF_INET6. With ipv6 will success, not
> take effect, because inet_csk(sk)->icsk_af_ops is ipv6_mapped and
> use ip_queue_xmit, inet_sk(sk)->tos.
>
> So bpf_get/setsockopt needs add the judgment of this case. Just check
> "inet_csk(sk)->icsk_af_ops == &ipv6_mapped".
>
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202408152034.lw9Ilsj6-lkp@intel.com/
> Signed-off-by: Feng Zhou <zhoufeng.zf@...edance.com>
> ---
> Changelog:
> v1->v2: Addressed comments from kernel test robot
> - Fix compilation error
> Details in here:
> https://lore.kernel.org/bpf/202408152058.YXAnhLgZ-lkp@intel.com/T/
>
>  include/net/tcp.h   | 2 ++
>  net/core/filter.c   | 6 +++++-
>  net/ipv6/tcp_ipv6.c | 6 ++++++
>  3 files changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 2aac11e7e1cc..ea673f88c900 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -493,6 +493,8 @@ struct request_sock *cookie_tcp_reqsk_alloc(const struct request_sock_ops *ops,
>                                             struct tcp_options_received *tcp_opt,
>                                             int mss, u32 tsoff);
>
> +bool is_tcp_sock_ipv6_mapped(struct sock *sk);
> +
>  #if IS_ENABLED(CONFIG_BPF)
>  struct bpf_tcp_req_attrs {
>         u32 rcv_tsval;
> diff --git a/net/core/filter.c b/net/core/filter.c
> index ecf2ddf633bf..02a825e35c4d 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -5399,7 +5399,11 @@ static int sol_ip_sockopt(struct sock *sk, int optname,
>                           char *optval, int *optlen,
>                           bool getopt)
>  {
> -       if (sk->sk_family != AF_INET)
> +       if (sk->sk_family != AF_INET
> +#if IS_BUILTIN(CONFIG_IPV6)
> +           && !is_tcp_sock_ipv6_mapped(sk)
> +#endif
> +           )
>                 return -EINVAL;

This does not look right to me.

I would remove the test completely.

SOL_IP socket options are available on AF_INET6 sockets just fine.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ