lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e4d9f89b-03cb-47ee-bc71-acea080a84e2@linux.dev>
Date: Tue, 2 Sep 2025 13:02:03 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Kuniyuki Iwashima <kuniyu@...gle.com>
Cc: Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>,
 Daniel Borkmann <daniel@...earbox.net>,
 John Fastabend <john.fastabend@...il.com>,
 Stanislav Fomichev <sdf@...ichev.me>, Johannes Weiner <hannes@...xchg.org>,
 Michal Hocko <mhocko@...nel.org>, Roman Gushchin <roman.gushchin@...ux.dev>,
 Shakeel Butt <shakeel.butt@...ux.dev>, "David S. Miller"
 <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>,
 Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
 Neal Cardwell <ncardwell@...gle.com>, Willem de Bruijn <willemb@...gle.com>,
 Mina Almasry <almasrymina@...gle.com>, Kuniyuki Iwashima
 <kuni1840@...il.com>, bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH v4 bpf-next/net 3/5] bpf: Introduce SK_BPF_MEMCG_FLAGS and
 SK_BPF_MEMCG_SOCK_ISOLATED.

On 8/28/25 6:00 PM, Kuniyuki Iwashima wrote:
>   static int sol_socket_sockopt(struct sock *sk, int optname,
>   			      char *optval, int *optlen,
>   			      bool getopt)
> @@ -5284,6 +5313,7 @@ static int sol_socket_sockopt(struct sock *sk, int optname,
>   	case SO_BINDTOIFINDEX:
>   	case SO_TXREHASH:
>   	case SK_BPF_CB_FLAGS:
> +	case SK_BPF_MEMCG_FLAGS:
>   		if (*optlen != sizeof(int))
>   			return -EINVAL;
>   		break;
> @@ -5293,8 +5323,15 @@ static int sol_socket_sockopt(struct sock *sk, int optname,
>   		return -EINVAL;
>   	}
>   
> -	if (optname == SK_BPF_CB_FLAGS)
> +	switch (optname) {
> +	case SK_BPF_CB_FLAGS:
>   		return sk_bpf_set_get_cb_flags(sk, optval, getopt);
> +	case SK_BPF_MEMCG_FLAGS:

I would remove the getsockopt only support from the other hooks that cannot do 
the setsockopt. There are other ways for them to read sk->sk_memcg if it is 
really needed.

> +		if (!IS_ENABLED(CONFIG_MEMCG) || !getopt)
> +			return -EOPNOTSUPP;
> +
> +		return sk_bpf_get_memcg_flags(sk, optval);

Instead, do this only in bpf_sock_create_getsockopt.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ