From: Lorenz Bauer <lmb@cloudflare.com>
To: ast@kernel.org, daniel@iogearbox.net, sdf@google.com,
jakub@cloudflare.com, john.fastabend@gmail.com
Cc: kernel-team@cloudflare.com, bpf@vger.kernel.org,
Lorenz Bauer <lmb@cloudflare.com>
Subject: [PATCH bpf v2 1/6] bpf: flow_dissector: check value of unused flags to BPF_PROG_ATTACH
Date: Mon, 29 Jun 2020 10:56:25 +0100 [thread overview]
Message-ID: <20200629095630.7933-2-lmb@cloudflare.com> (raw)
In-Reply-To: <20200629095630.7933-1-lmb@cloudflare.com>
Using BPF_PROG_ATTACH on a flow dissector program supports neither
target_fd, attach_flags or replace_bpf_fd but accepts any value.
Enforce that all of them are zero. This is fine for replace_bpf_fd
since its presence is indicated by BPF_F_REPLACE. It's more
problematic for target_fd, since zero is a valid fd. Should we
want to use the flag later on we'd have to add an exception for
fd 0. The alternative is to force a value like -1. This requires
more changes to tests. There is also precedent for using 0,
since bpf_iter uses this for target_fd as well.
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Fixes: b27f7bb590ba ("flow_dissector: Move out netns_bpf prog callbacks")
---
kernel/bpf/net_namespace.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/kernel/bpf/net_namespace.c b/kernel/bpf/net_namespace.c
index 3e89c7ad42cb..bf18eabeaea2 100644
--- a/kernel/bpf/net_namespace.c
+++ b/kernel/bpf/net_namespace.c
@@ -217,6 +217,9 @@ int netns_bpf_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog)
struct net *net;
int ret;
+ if (attr->target_fd || attr->attach_flags || attr->replace_bpf_fd)
+ return -EINVAL;
+
type = to_netns_bpf_attach_type(attr->attach_type);
if (type < 0)
return -EINVAL;
--
2.25.1
next prev parent reply other threads:[~2020-06-29 20:50 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-29 9:56 [PATCH bpf v2 0/6] Fix attach / detach uapi for sockmap and flow_dissector Lorenz Bauer
2020-06-29 9:56 ` Lorenz Bauer [this message]
2020-11-04 18:08 ` [PATCH bpf v2 1/6] bpf: flow_dissector: check value of unused flags to BPF_PROG_ATTACH Jiri Benc
2020-11-05 11:00 ` Lorenz Bauer
2020-11-05 11:08 ` Jiri Benc
2020-11-05 16:04 ` Stanislav Fomichev
2020-06-29 9:56 ` [PATCH bpf v2 2/6] bpf: flow_dissector: check value of unused flags to BPF_PROG_DETACH Lorenz Bauer
2020-06-29 9:56 ` [PATCH bpf v2 3/6] bpf: sockmap: check value of unused args to BPF_PROG_ATTACH Lorenz Bauer
2020-06-29 9:56 ` [PATCH bpf v2 4/6] bpf: sockmap: require attach_bpf_fd when detaching a program Lorenz Bauer
2020-07-08 1:30 ` Martin KaFai Lau
2020-06-29 9:56 ` [PATCH bpf v2 5/6] selftests: bpf: pass program and target_fd in flow_dissector_reattach Lorenz Bauer
2020-06-29 9:56 ` [PATCH bpf v2 6/6] selftests: bpf: pass program to bpf_prog_detach in flow_dissector Lorenz Bauer
2020-06-30 5:48 ` [PATCH bpf v2 0/6] Fix attach / detach uapi for sockmap and flow_dissector Yonghong Song
2020-06-30 8:39 ` Lorenz Bauer
2020-06-30 15:08 ` Yonghong Song
2020-06-30 15:50 ` Lorenz Bauer
2020-06-30 18:00 ` Alexei Starovoitov
2020-06-30 18:31 ` Jakub Sitnicki
2020-06-30 18:42 ` Alexei Starovoitov
2020-07-01 7:45 ` Jakub Sitnicki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200629095630.7933-2-lmb@cloudflare.com \
--to=lmb@cloudflare.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=kernel-team@cloudflare.com \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.