From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
John Fastabend <john.fastabend@gmail.com>,
Yonghong Song <yhs@fb.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.18 36/53] bpf: sockmap only allow ESTABLISHED sock state
Date: Thu, 18 Oct 2018 19:54:29 +0200 [thread overview]
Message-ID: <20181018175422.888783173@linuxfoundation.org> (raw)
In-Reply-To: <20181018175416.561567978@linuxfoundation.org>
4.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Fastabend <john.fastabend@gmail.com>
[ Upstream commit 5607fff303636d48b88414c6be353d9fed700af2 ]
After this patch we only allow socks that are in ESTABLISHED state or
are being added via a sock_ops event that is transitioning into an
ESTABLISHED state. By allowing sock_ops events we allow users to
manage sockmaps directly from sock ops programs. The two supported
sock_ops ops are BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB and
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB.
Similar to TLS ULP this ensures sk_user_data is correct.
Reported-by: Eric Dumazet <edumazet@google.com>
Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/bpf/sockmap.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -2100,8 +2100,12 @@ static int sock_map_update_elem(struct b
return -EINVAL;
}
+ /* ULPs are currently supported only for TCP sockets in ESTABLISHED
+ * state.
+ */
if (skops.sk->sk_type != SOCK_STREAM ||
- skops.sk->sk_protocol != IPPROTO_TCP) {
+ skops.sk->sk_protocol != IPPROTO_TCP ||
+ skops.sk->sk_state != TCP_ESTABLISHED) {
fput(socket->file);
return -EOPNOTSUPP;
}
@@ -2456,6 +2460,16 @@ static int sock_hash_update_elem(struct
return -EINVAL;
}
+ /* ULPs are currently supported only for TCP sockets in ESTABLISHED
+ * state.
+ */
+ if (skops.sk->sk_type != SOCK_STREAM ||
+ skops.sk->sk_protocol != IPPROTO_TCP ||
+ skops.sk->sk_state != TCP_ESTABLISHED) {
+ fput(socket->file);
+ return -EOPNOTSUPP;
+ }
+
lock_sock(skops.sk);
preempt_disable();
rcu_read_lock();
@@ -2544,10 +2558,22 @@ const struct bpf_map_ops sock_hash_ops =
.map_release_uref = sock_map_release,
};
+static bool bpf_is_valid_sock_op(struct bpf_sock_ops_kern *ops)
+{
+ return ops->op == BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB ||
+ ops->op == BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB;
+}
BPF_CALL_4(bpf_sock_map_update, struct bpf_sock_ops_kern *, bpf_sock,
struct bpf_map *, map, void *, key, u64, flags)
{
WARN_ON_ONCE(!rcu_read_lock_held());
+
+ /* ULPs are currently supported only for TCP sockets in ESTABLISHED
+ * state. This checks that the sock ops triggering the update is
+ * one indicating we are (or will be soon) in an ESTABLISHED state.
+ */
+ if (!bpf_is_valid_sock_op(bpf_sock))
+ return -EOPNOTSUPP;
return sock_map_ctx_update_elem(bpf_sock, map, key, flags);
}
@@ -2566,6 +2592,9 @@ BPF_CALL_4(bpf_sock_hash_update, struct
struct bpf_map *, map, void *, key, u64, flags)
{
WARN_ON_ONCE(!rcu_read_lock_held());
+
+ if (!bpf_is_valid_sock_op(bpf_sock))
+ return -EOPNOTSUPP;
return sock_hash_ctx_update_elem(bpf_sock, map, key, flags);
}
next prev parent reply other threads:[~2018-10-18 17:58 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-18 17:53 [PATCH 4.18 00/53] 4.18.16-stable review Greg Kroah-Hartman
2018-10-18 17:53 ` [PATCH 4.18 01/53] soundwire: Fix duplicate stream state assignment Greg Kroah-Hartman
2018-10-18 17:53 ` [PATCH 4.18 02/53] soundwire: Fix incorrect exit after configuring stream Greg Kroah-Hartman
2018-10-18 17:53 ` [PATCH 4.18 03/53] soundwire: Fix acquiring bus lock twice during master release Greg Kroah-Hartman
2018-10-18 17:53 ` [PATCH 4.18 04/53] media: af9035: prevent buffer overflow on write Greg Kroah-Hartman
2018-10-18 17:53 ` [PATCH 4.18 05/53] spi: gpio: Fix copy-and-paste error Greg Kroah-Hartman
2018-10-18 17:53 ` [PATCH 4.18 06/53] batman-adv: Avoid probe ELP information leak Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 07/53] batman-adv: Fix segfault when writing to throughput_override Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 08/53] batman-adv: Fix segfault when writing to sysfs elp_interval Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 09/53] batman-adv: Prevent duplicated gateway_node entry Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 10/53] batman-adv: Prevent duplicated nc_node entry Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 11/53] batman-adv: Prevent duplicated softif_vlan entry Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 12/53] batman-adv: Prevent duplicated global TT entry Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 13/53] batman-adv: Prevent duplicated tvlv handler Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 14/53] batman-adv: fix backbone_gw refcount on queue_work() failure Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 15/53] batman-adv: fix hardif_neigh " Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 16/53] cxgb4: fix abort_req_rss6 struct Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 17/53] clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 18/53] scsi: ibmvscsis: Fix a stringop-overflow warning Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 19/53] scsi: ibmvscsis: Ensure partition name is properly NUL terminated Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 20/53] intel_th: pci: Add Ice Lake PCH support Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 21/53] Input: atakbd - fix Atari keymap Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 22/53] Input: atakbd - fix Atari CapsLock behaviour Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 23/53] selftests: pmtu: properly redirect stderr to /dev/null Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 24/53] net: emac: fix fixed-link setup for the RTL8363SB switch Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 25/53] ravb: do not write 1 to reserved bits Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 26/53] net/smc: fix non-blocking connect problem Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 27/53] net/smc: fix sizeof to int comparison Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 28/53] qed: Fix populating the invalid stag value in multi function mode Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 29/53] qed: Do not add VLAN 0 tag to untagged frames in multi-function mode Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 30/53] PCI: dwc: Fix scheduling while atomic issues Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 31/53] RDMA/uverbs: Fix validity check for modify QP Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 32/53] scsi: lpfc: Synchronize access to remoteport via rport Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 33/53] drm: mali-dp: Call drm_crtc_vblank_reset on device init Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 34/53] scsi: ipr: System hung while dlpar adding primary ipr adapter back Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 35/53] scsi: sd: dont crash the host on invalid commands Greg Kroah-Hartman
2018-10-18 17:54 ` Greg Kroah-Hartman [this message]
2018-10-18 17:54 ` [PATCH 4.18 37/53] bpf: sockmap, fix transition through disconnect without close Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 38/53] bpf: test_maps, only support ESTABLISHED socks Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 39/53] net/mlx4: Use cpumask_available for eq->affinity_mask Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 40/53] clocksource/drivers/fttmr010: Fix set_next_event handler Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 41/53] RDMA/bnxt_re: Fix system crash during RDMA resource initialization Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 42/53] RISC-V: include linux/ftrace.h in asm-prototypes.h Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 43/53] iommu/rockchip: Free irqs in shutdown handler Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 44/53] pinctrl/amd: poll InterruptEnable bits in amd_gpio_irq_set_type Greg Kroah-Hartman
2018-10-18 17:54 ` Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 45/53] powerpc/tm: Fix userspace r13 corruption Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 46/53] powerpc/tm: Avoid possible userspace r1 corruption on reclaim Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 47/53] powerpc/numa: Use associativity if VPHN hcall is successful Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 48/53] iommu/amd: Return devid as alias for ACPI HID devices Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 49/53] x86/boot: Fix kexec booting failure in the SEV bit detection code Greg Kroah-Hartman
2018-10-18 17:54 ` Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 50/53] Revert "vfs: fix freeze protection in mnt_want_write_file() for overlayfs" Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 51/53] mremap: properly flush TLB before releasing the page Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 52/53] ARC: build: Get rid of toolchain check Greg Kroah-Hartman
2018-10-18 17:54 ` [PATCH 4.18 53/53] ARC: build: Dont set CROSS_COMPILE in archs Makefile Greg Kroah-Hartman
2018-10-19 12:43 ` [PATCH 4.18 00/53] 4.18.16-stable review Rafael David Tinoco
2018-10-19 15:44 ` Greg Kroah-Hartman
2018-10-19 15:50 ` Guenter Roeck
2018-10-20 6:42 ` Greg Kroah-Hartman
2018-10-19 20:43 ` Shuah Khan
2018-10-20 6:41 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181018175422.888783173@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alexander.levin@microsoft.com \
--cc=daniel@iogearbox.net \
--cc=edumazet@google.com \
--cc=john.fastabend@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.