Message-ID: <20250116140531.108636-4-mrpre@163.com>
Date: Thu, 16 Jan 2025 22:05:29 +0800
From: Jiayuan Chen <mrpre@....com>
To: bpf@...r.kernel.org,
	jakub@...udflare.com,
	john.fastabend@...il.com
Cc: netdev@...r.kernel.org,
	martin.lau@...ux.dev,
	ast@...nel.org,
	edumazet@...gle.com,
	davem@...emloft.net,
	dsahern@...nel.org,
	kuba@...nel.org,
	pabeni@...hat.com,
	linux-kernel@...r.kernel.org,
	song@...nel.org,
	andrii@...nel.org,
	mhal@...x.co,
	yonghong.song@...ux.dev,
	daniel@...earbox.net,
	xiyou.wangcong@...il.com,
	horms@...nel.org,
	corbet@....net,
	eddyz87@...il.com,
	cong.wang@...edance.com,
	shuah@...nel.org,
	mykolal@...com,
	jolsa@...nel.org,
	haoluo@...gle.com,
	sdf@...ichev.me,
	kpsingh@...nel.org,
	linux-doc@...r.kernel.org,
	Jiayuan Chen <mrpre@....com>
Subject: [PATCH bpf v7 3/5] bpf: disable non stream socket for strparser

Currently, only TCP supports strparser, but sockmap doesn't intercept
non-TCP to attach strparser. For example, with UDP, although the
read/write handlers are replaced, strparser is not executed due to the
lack of read_sock operation.

Furthermore, in udp_bpf_recvmsg(), it checks whether psock has data, and
if not, it falls back to the native UDP read interface, making
UDP + strparser appear to read correctly. According to its commit
history, the behavior is unexpected.

Moreover, since UDP lacks the concept of streams, we intercept it
directly. Later, we will try to support Unix streams and add more
checks.

Signed-off-by: Jiayuan Chen <mrpre@....com>
---
 net/core/sock_map.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index f1b9b3958792..c6ee2d1d9cf2 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -214,6 +214,14 @@ static struct sk_psock *sock_map_psock_get_checked(struct sock *sk)
 	return psock;
 }
 
+static bool sock_map_sk_strp_allowed(const struct sock *sk)
+{
+	/* todo: support unix stream socket */
+	if (sk_is_tcp(sk))
+		return true;
+	return false;
+}
+
 static int sock_map_link(struct bpf_map *map, struct sock *sk)
 {
 	struct sk_psock_progs *progs = sock_map_progs(map);
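
Review bot: in sock_map_sk_strp_allowed() the if / return true / return false sequence can be written as a single "return sk_is_tcp(sk);". The comment would also help more if it said why only TCP is accepted (per the commit message, strparser is not executed for UDP because there is no read_sock operation), alongside the note about unix stream sockets, with the marker spelled TODO so it is easy to grep for.
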
@@ -303,7 +311,10 @@ static int sock_map_link(struct bpf_map *map, struct sock *sk)
 
 	write_lock_bh(&sk->sk_callback_lock);
 	if (stream_parser && stream_verdict && !psock->saved_data_ready) {
-		ret = sk_psock_init_strp(sk, psock);
+		if (sock_map_sk_strp_allowed(sk))
+			ret = sk_psock_init_strp(sk, psock);
+		else
+			ret = -EOPNOTSUPP;
 		if (ret) {
 			write_unlock_bh(&sk->sk_callback_lock);
 			sk_psock_put(sk, psock);
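
Review bot: the sock_map_sk_strp_allowed(sk) check added in sock_map_link() depends only on sk, yet it runs under write_lock_bh(&sk->sk_callback_lock) and fails through the same write_unlock_bh() / sk_psock_put() unwind used for sk_psock_init_strp() errors; consider rejecting the unsupported socket type before the lock is taken so the two failure causes stay separate. The check is also reached only when stream_parser and stream_verdict are both set and psock->saved_data_ready is not set, so please confirm that this is the only combination in which strparser gets attached. Since a non-TCP socket now gets -EOPNOTSUPP here, the new return value deserves a mention in the sockmap documentation.
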
-- 
2.43.5