| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89i+asgFpSSAxavvLe22TW897VaEdyYzMJ_s0JpH+2_RzUA@mail.gmail.com>
Date: Mon, 23 Sep 2024 19:58:00 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: Jordan Rife <jrife@...gle.com>
Cc: Sahand <sahandevs@...il.com>, davem@...emloft.net, kuba@...nel.org,
pabeni@...hat.com, netdev@...r.kernel.org
Subject: Re: [PATCH] net: expose __sock_sendmsg() symbol
On Mon, Sep 23, 2024 at 7:48 PM Jordan Rife <jrife@...gle.com> wrote:
>
> Should this be backported? I'm wondering if this needs a "Fixes" tag.
>
> -Jordan
>
> On Mon, Sep 23, 2024 at 10:03 AM Sahand <sahandevs@...il.com> wrote:
> >
> > From: Sahand Akbarzadeh <sahandevs@...il.com>
> >
> > Commit 86a7e0b69bd5b812e48a20c66c2161744f3caa16 ("net: prevent rewrite
> > of msg_name in sock_sendmsg()") moved the original implementation of
> > sock_sendmsg() to __sock_sendmsg() and made sock_sendmsg() a wrapper
> > with extra checks. However, __sys_sendto() still uses __sock_sendmsg()
> > directly, causing BPF programs attached to kprobe:sock_sendmsg() to not
> > trigger on sendto() calls.
> >
> > This patch exposes the __sock_sendmsg() symbol to allow writing BPF
> > programs similar to those for older kernels.
> >
> > Signed-off-by: Sahand Akbarzadeh <sahandevs@...il.com>
> > ---
> > include/linux/net.h | 1 +
> > net/socket.c | 2 +-
> > 2 files changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/linux/net.h b/include/linux/net.h
> > index b75bc534c..983be8a14 100644
> > --- a/include/linux/net.h
> > +++ b/include/linux/net.h
> > @@ -258,6 +258,7 @@ int sock_create_kern(struct net *net, int family, int type, int proto, struct so
> > int sock_create_lite(int family, int type, int proto, struct socket **res);
> > struct socket *sock_alloc(void);
> > void sock_release(struct socket *sock);
> > +int __sock_sendmsg(struct socket *sock, struct msghdr *msg);
> > int sock_sendmsg(struct socket *sock, struct msghdr *msg);
> > int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags);
> > struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname);
> > diff --git a/net/socket.c b/net/socket.c
> > index 8d8b84fa4..5c790205d 100644
> > --- a/net/socket.c
> > +++ b/net/socket.c
> > @@ -737,7 +737,7 @@ static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
> > return ret;
> > }
> >
> > -static int __sock_sendmsg(struct socket *sock, struct msghdr *msg)
> > +int __sock_sendmsg(struct socket *sock, struct msghdr *msg)
> > {
> > int err = security_socket_sendmsg(sock, msg,
> > msg_data_left(msg));
> > --
> > 2.43.0
> >
Old programs were using kprobe:sock_sendmsg
How will this patch restore the operations ?
It seems programs have to use kprobe:__sock_sendmsg even after this patch ?
Please provide a more precise changelog.
I _think_ that perf does not care :
# perf probe -a __sock_sendmsg
Added new events:
probe:__sock_sendmsg (on __sock_sendmsg)
probe:__sock_sendmsg (on __sock_sendmsg)
probe:__sock_sendmsg (on __sock_sendmsg)
probe:__sock_sendmsg (on __sock_sendmsg)
You can now use it in all perf tools, such as:
perf record -e probe:__sock_sendmsg -aR sleep 1
Powered by blists - more mailing lists