| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL+tcoC41NwjMmjzHz+76-sLbBVRzEzECwFArSe3FFidMcmB=A@mail.gmail.com>
Date: Wed, 30 Oct 2024 09:15:08 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, dsahern@...nel.org, willemdebruijn.kernel@...il.com,
willemb@...gle.com, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
haoluo@...gle.com, jolsa@...nel.org, shuah@...nel.org, ykolal@...com,
bpf@...r.kernel.org, netdev@...r.kernel.org,
Jason Xing <kernelxing@...cent.com>
Subject: Re: [PATCH net-next v3 03/14] net-timestamp: open gate for bpf_setsockopt/_getsockopt
On Wed, Oct 30, 2024 at 8:32 AM Martin KaFai Lau <martin.lau@...ux.dev> wrote:
>
> On 10/28/24 4:05 AM, Jason Xing wrote:
> > From: Jason Xing <kernelxing@...cent.com>
> >
> > For now, we support bpf_setsockopt to set or clear timestamps flags.
> >
> > Users can use something like this in bpf program to turn on the feature:
> > flags = SOF_TIMESTAMPING_TX_SCHED;
> > bpf_setsockopt(skops, SOL_SOCKET, SO_TIMESTAMPING, &flags, sizeof(flags));
> > The specific use cases can be seen in the bpf selftest in this series.
> >
> > Later, I will support each flags one by one based on this.
> >
> > Signed-off-by: Jason Xing <kernelxing@...cent.com>
> > ---
> > include/net/sock.h | 4 ++--
> > include/uapi/linux/net_tstamp.h | 7 +++++++
> > net/core/filter.c | 7 +++++--
> > net/core/sock.c | 34 ++++++++++++++++++++++++++-------
> > net/ipv4/udp.c | 2 +-
> > net/mptcp/sockopt.c | 2 +-
> > net/socket.c | 2 +-
> > 7 files changed, 44 insertions(+), 14 deletions(-)
> >
> > diff --git a/include/net/sock.h b/include/net/sock.h
> > index 5384f1e49f5c..062f405c744e 100644
> > --- a/include/net/sock.h
> > +++ b/include/net/sock.h
> > @@ -1775,7 +1775,7 @@ static inline void skb_set_owner_edemux(struct sk_buff *skb, struct sock *sk)
> > #endif
> >
> > int sk_setsockopt(struct sock *sk, int level, int optname,
> > - sockptr_t optval, unsigned int optlen);
> > + sockptr_t optval, unsigned int optlen, bool bpf_timetamping);
> > int sock_setsockopt(struct socket *sock, int level, int op,
> > sockptr_t optval, unsigned int optlen);
> > int do_sock_setsockopt(struct socket *sock, bool compat, int level,
> > @@ -1784,7 +1784,7 @@ int do_sock_getsockopt(struct socket *sock, bool compat, int level,
> > int optname, sockptr_t optval, sockptr_t optlen);
> >
> > int sk_getsockopt(struct sock *sk, int level, int optname,
> > - sockptr_t optval, sockptr_t optlen);
> > + sockptr_t optval, sockptr_t optlen, bool bpf_timetamping);
> > int sock_gettstamp(struct socket *sock, void __user *userstamp,
> > bool timeval, bool time32);
> > struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
> > diff --git a/include/uapi/linux/net_tstamp.h b/include/uapi/linux/net_tstamp.h
> > index 858339d1c1c4..0696699cf964 100644
> > --- a/include/uapi/linux/net_tstamp.h
> > +++ b/include/uapi/linux/net_tstamp.h
> > @@ -49,6 +49,13 @@ enum {
> > SOF_TIMESTAMPING_TX_SCHED | \
> > SOF_TIMESTAMPING_TX_ACK)
> >
> > +#define SOF_TIMESTAMPING_BPF_SUPPPORTED_MASK (SOF_TIMESTAMPING_SOFTWARE | \
>
> hmm... so we are allowing it but SOF_TIMESTAMPING_SOFTWARE won't do anything
> (meaning set and not-set are both no-op) ?
I was thinking of writing a separate patch to control the output
function by using this flag. Apparently, I didn't do that, so I think
I can remove it from this series.
>
> > + SOF_TIMESTAMPING_TX_SCHED | \
> > + SOF_TIMESTAMPING_TX_SOFTWARE | \
> > + SOF_TIMESTAMPING_TX_ACK | \
> > + SOF_TIMESTAMPING_OPT_ID | \
> > + SOF_TIMESTAMPING_OPT_ID_TCP)
> > +
> > /**
> > * struct so_timestamping - SO_TIMESTAMPING parameter
> > *
> > diff --git a/net/core/filter.c b/net/core/filter.c
> > index 58761263176c..dc8ecf899ced 100644
> > --- a/net/core/filter.c
> > +++ b/net/core/filter.c
> > @@ -5238,6 +5238,9 @@ static int sol_socket_sockopt(struct sock *sk, int optname,
> > break;
> > case SO_BINDTODEVICE:
> > break;
> > + case SO_TIMESTAMPING_NEW:
>
> How about only allow bpf_setsockopt(SO_TIMESTAMPING_NEW) instead of
> bpf_setsockopt(SO_TIMESTAMPING). Does it solve the issue reported in v2?
No, it doesn't. Sorry, I will handle it in a proper way.
>
> > + case SO_TIMESTAMPING_OLD:
> > + break;
> > default:
> > return -EINVAL;
> > }
> > @@ -5247,11 +5250,11 @@ static int sol_socket_sockopt(struct sock *sk, int optname,
> > return -EINVAL;
> > return sk_getsockopt(sk, SOL_SOCKET, optname,
> > KERNEL_SOCKPTR(optval),
> > - KERNEL_SOCKPTR(optlen));
> > + KERNEL_SOCKPTR(optlen), true);
> > }
> >
> > return sk_setsockopt(sk, SOL_SOCKET, optname,
> > - KERNEL_SOCKPTR(optval), *optlen);
> > + KERNEL_SOCKPTR(optval), *optlen, true);
> > }
> >
> > static int bpf_sol_tcp_setsockopt(struct sock *sk, int optname,
> > diff --git a/net/core/sock.c b/net/core/sock.c
> > index 7f398bd07fb7..7e05748b1a06 100644
> > --- a/net/core/sock.c
> > +++ b/net/core/sock.c
> > @@ -941,6 +941,19 @@ int sock_set_timestamping(struct sock *sk, int optname,
> > return 0;
> > }
> >
> > +static int sock_set_timestamping_bpf(struct sock *sk,
> > + struct so_timestamping timestamping)
> > +{
> > + u32 flags = timestamping.flags;
> > +
> > + if (flags & ~SOF_TIMESTAMPING_BPF_SUPPPORTED_MASK)
> > + return -EINVAL;
> > +
> > + WRITE_ONCE(sk->sk_tsflags_bpf, flags);
>
> I think it is cleaner to directly "WRITE_ONCE(sk->sk_tsflags_bpf, flags);" in
> sol_socket_sockopt() instead of adding "bool bpf_timestamping" to sk_setsockopt.
> sk_tsflags_bpf is a separate u32 anyway, so not a lot of code to share. The same
> for getsockopt.
As I replied to Willem, I feel this way (that is also the same as v2)
[1] introduces more extra duplicated code and returns earlier compared
to other use cases of SO_xxx, which do you think is a bit weird?
[1]: https://lore.kernel.org/all/20241012040651.95616-3-kerneljasonxing@gmail.com/
Surely, I can write it like how v2 works. Which one would you prefer :) ?
>
> [ will continue the remaining patches a little later ]
Thanks!
Thanks,
Jason
Powered by blists - more mailing lists