| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f8e9ab4a-38b9-43a5-aaf4-15f95a3463d0@linux.dev>
Date: Tue, 10 Dec 2024 18:02:31 -0800
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Jason Xing <kerneljasonxing@...il.com>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, dsahern@...nel.org, willemdebruijn.kernel@...il.com,
willemb@...gle.com, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org,
netdev@...r.kernel.org, Jason Xing <kernelxing@...cent.com>
Subject: Re: [PATCH net-next v4 02/11] net-timestamp: prepare for bpf prog use
On 12/7/24 9:37 AM, Jason Xing wrote:
> From: Jason Xing <kernelxing@...cent.com>
>
> Later, I would introduce three points to report some information
> to user space based on this.
>
> Signed-off-by: Jason Xing <kernelxing@...cent.com>
> ---
> include/net/sock.h | 7 +++++++
> net/core/sock.c | 15 +++++++++++++++
> 2 files changed, 22 insertions(+)
>
> diff --git a/include/net/sock.h b/include/net/sock.h
> index 0dd464ba9e46..f88a00108a2f 100644
> --- a/include/net/sock.h
> +++ b/include/net/sock.h
> @@ -2920,6 +2920,13 @@ int sock_set_timestamping(struct sock *sk, int optname,
> struct so_timestamping timestamping);
>
> void sock_enable_timestamps(struct sock *sk);
> +#if defined(CONFIG_CGROUP_BPF) && defined(CONFIG_BPF_SYSCALL)
> +void bpf_skops_tx_timestamping(struct sock *sk, struct sk_buff *skb, int op);
> +#else
> +static inline void bpf_skops_tx_timestamping(struct sock *sk, struct sk_buff *skb, int op)
> +{
> +}
> +#endif
> void sock_no_linger(struct sock *sk);
> void sock_set_keepalive(struct sock *sk);
> void sock_set_priority(struct sock *sk, u32 priority);
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 74729d20cd00..79cb5c74c76c 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -941,6 +941,21 @@ int sock_set_timestamping(struct sock *sk, int optname,
> return 0;
> }
>
> +#if defined(CONFIG_CGROUP_BPF) && defined(CONFIG_BPF_SYSCALL)
> +void bpf_skops_tx_timestamping(struct sock *sk, struct sk_buff *skb, int op)
> +{
> + struct bpf_sock_ops_kern sock_ops;
> +
> + sock_owned_by_me(sk);
I don't think this can be assumed in the time stamping callback.
To remove this assumption for sockops, I believe it needs to stop the bpf prog
from calling a few bpf helpers. In particular, the bpf_sock_ops_cb_flags_set and
bpf_sock_ops_setsockopt. This should be easy by asking the helpers to check the
"u8 op" in "struct bpf_sock_ops_kern *".
I just noticed a trickier one, sockops bpf prog can write to sk->sk_txhash. The
same should go for reading from sk. Also, sockops prog assumes a fullsock sk is
a tcp_sock which also won't work for the udp case. A quick thought is to do
something similar to is_fullsock. May be repurpose the is_fullsock somehow or a
new u8 is needed. Take a look at SOCK_OPS_{GET,SET}_FIELD. It avoids
writing/reading the sk when is_fullsock is false.
This is a signal that the existing sockops interface has already seen better
days. I hope not too many fixes like these are needed to get tcp/udp
timestamping to work.
> +
> + memset(&sock_ops, 0, offsetof(struct bpf_sock_ops_kern, temp));
> + sock_ops.op = op;
> + sock_ops.is_fullsock = 1;
I don't think we can assume it is always is_fullsock either.
> + sock_ops.sk = sk;
> + __cgroup_bpf_run_filter_sock_ops(sk, &sock_ops, CGROUP_SOCK_OPS);
Same here. sk may not be fullsock. BPF_CGROUP_RUN_PROG_SOCK_OPS(&sock_ops) is
needed.
[ I will continue the rest of the set later. ]
> +}
> +#endif
> +
> void sock_set_keepalive(struct sock *sk)
> {
> lock_sock(sk);
Powered by blists - more mailing lists