lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CANn89i+asgFpSSAxavvLe22TW897VaEdyYzMJ_s0JpH+2_RzUA@mail.gmail.com>
Date: Mon, 23 Sep 2024 19:58:00 +0200
From: Eric Dumazet <edumazet@...gle.com>
To: Jordan Rife <jrife@...gle.com>
Cc: Sahand <sahandevs@...il.com>, davem@...emloft.net, kuba@...nel.org, 
	pabeni@...hat.com, netdev@...r.kernel.org
Subject: Re: [PATCH] net: expose __sock_sendmsg() symbol

On Mon, Sep 23, 2024 at 7:48 PM Jordan Rife <jrife@...gle.com> wrote:
>
> Should this be backported? I'm wondering if this needs a "Fixes" tag.
>
> -Jordan
>
> On Mon, Sep 23, 2024 at 10:03 AM Sahand <sahandevs@...il.com> wrote:
> >
> > From: Sahand Akbarzadeh <sahandevs@...il.com>
> >
> > Commit 86a7e0b69bd5b812e48a20c66c2161744f3caa16 ("net: prevent rewrite
> > of msg_name in sock_sendmsg()") moved the original implementation of
> > sock_sendmsg() to __sock_sendmsg() and made sock_sendmsg() a wrapper
> > with extra checks. However, __sys_sendto() still uses __sock_sendmsg()
> > directly, causing BPF programs attached to kprobe:sock_sendmsg() to not
> > trigger on sendto() calls.
> >
> > This patch exposes the __sock_sendmsg() symbol to allow writing BPF
> > programs similar to those for older kernels.
> >
> > Signed-off-by: Sahand Akbarzadeh <sahandevs@...il.com>
> > ---
> >  include/linux/net.h | 1 +
> >  net/socket.c        | 2 +-
> >  2 files changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/linux/net.h b/include/linux/net.h
> > index b75bc534c..983be8a14 100644
> > --- a/include/linux/net.h
> > +++ b/include/linux/net.h
> > @@ -258,6 +258,7 @@ int sock_create_kern(struct net *net, int family, int type, int proto, struct so
> >  int sock_create_lite(int family, int type, int proto, struct socket **res);
> >  struct socket *sock_alloc(void);
> >  void sock_release(struct socket *sock);
> > +int __sock_sendmsg(struct socket *sock, struct msghdr *msg);
> >  int sock_sendmsg(struct socket *sock, struct msghdr *msg);
> >  int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags);
> >  struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname);
> > diff --git a/net/socket.c b/net/socket.c
> > index 8d8b84fa4..5c790205d 100644
> > --- a/net/socket.c
> > +++ b/net/socket.c
> > @@ -737,7 +737,7 @@ static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
> >         return ret;
> >  }
> >
> > -static int __sock_sendmsg(struct socket *sock, struct msghdr *msg)
> > +int __sock_sendmsg(struct socket *sock, struct msghdr *msg)
> >  {
> >         int err = security_socket_sendmsg(sock, msg,
> >                                           msg_data_left(msg));
> > --
> > 2.43.0
> >

Old programs were using kprobe:sock_sendmsg

How will this patch restore the operations ?

It seems programs have to use kprobe:__sock_sendmsg even after this patch ?

Please provide a more precise changelog.

I _think_ that perf does not care :

# perf probe -a __sock_sendmsg
Added new events:
  probe:__sock_sendmsg (on __sock_sendmsg)
  probe:__sock_sendmsg (on __sock_sendmsg)
  probe:__sock_sendmsg (on __sock_sendmsg)
  probe:__sock_sendmsg (on __sock_sendmsg)

You can now use it in all perf tools, such as:

perf record -e probe:__sock_sendmsg -aR sleep 1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ