| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL+tcoB182=QS0hLN9_ihf5Fcivr3BHuom8rrm+75bjpgC___Q@mail.gmail.com>
Date: Sat, 25 Jan 2025 08:28:28 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, dsahern@...nel.org, willemdebruijn.kernel@...il.com,
willemb@...gle.com, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
eddyz87@...il.com, song@...nel.org, yonghong.song@...ux.dev,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
haoluo@...gle.com, jolsa@...nel.org, horms@...nel.org, bpf@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [RFC PATCH net-next v6 03/13] bpf: stop UDP sock accessing TCP
fields in bpf callbacks
On Sat, Jan 25, 2025 at 7:41 AM Martin KaFai Lau <martin.lau@...ux.dev> wrote:
>
> On 1/20/25 5:28 PM, Jason Xing wrote:
> > Applying the new member allow_tcp_access in the existing callbacks
> > where is_fullsock is set to 1 can help us stop UDP socket accessing
> > struct tcp_sock, or else it could be catastrophe leading to panic.
> >
> > For now, those existing callbacks are used only for TCP. I believe
> > in the short run, we will have timestamping UDP callbacks support.
>
> The commit message needs adjustment. UDP is not supported yet, so this change
> feels like it's unnecessary based on the commit message. However, even without
> UDP support, the new timestamping callbacks cannot directly write some fields
> because the sk lock is not held, so this change is needed for TCP timestamping
Thanks and I will revise them. But I still want to say that the
timestamping callbacks after this series are all under the protection
of socket lock.
> support.
>
> To keep it simple, instead of distinguishing between read and write access, we
> disallow all read/write access to the tcp_sock through the older bpf_sock_ops
> ctx. The new timestamping callbacks can use newer helpers to read everything
> from a sk (e.g. bpf_core_cast), so nothing is lost.
>
> The "allow_tcp_access" flag is added to indicate that the callback site has a
> tcp_sock locked. Yes, it will make future UDP support easier because a udp_sock
> is not a tcp_sock to begin with.
I will add them :)
>
> >
> > Signed-off-by: Jason Xing <kerneljasonxing@...il.com>
> > ---
> > include/linux/filter.h | 1 +
> > include/net/tcp.h | 1 +
> > net/core/filter.c | 8 ++++----
> > net/ipv4/tcp_input.c | 2 ++
> > net/ipv4/tcp_output.c | 2 ++
> > 5 files changed, 10 insertions(+), 4 deletions(-)
> >
> > diff --git a/include/linux/filter.h b/include/linux/filter.h
> > index a3ea46281595..1b1333a90b4a 100644
> > --- a/include/linux/filter.h
> > +++ b/include/linux/filter.h
> > @@ -1508,6 +1508,7 @@ struct bpf_sock_ops_kern {
> > void *skb_data_end;
> > u8 op;
> > u8 is_fullsock;
> > + u8 allow_tcp_access;
>
> It is useful to add a comment here to explain the sockops callback has the
> tcp_sock locked when it is set.
Got it!
Thanks,
Jason
Powered by blists - more mailing lists