From: Jakub Kicinski <kuba@kernel.org>
To: Martin KaFai Lau <kafai@fb.com>
Cc: Stanislav Fomichev <sdf@google.com>,
bpf@vger.kernel.org, netdev@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
David Miller <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
kernel-team@fb.com, Paolo Abeni <pabeni@redhat.com>
Subject: Re: [PATCH bpf-next 02/14] bpf: net: Avoid sock_setsockopt() taking sk lock when called from bpf
Date: Wed, 27 Jul 2022 18:49:03 -0700 [thread overview]
Message-ID: <20220727184903.4d24a00a@kernel.org> (raw)
In-Reply-To: <20220728004546.6n42isdvyg65vuke@kafai-mbp.dhcp.thefacebook.com>
On Wed, 27 Jul 2022 17:45:46 -0700 Martin KaFai Lau wrote:
> > bool setsockopt_capable(struct user_namespace *ns, int cap)
> > {
> > if (!in_task()) {
> > /* Running in irq/softirq -> setsockopt invoked by bpf program.
> > * [not sure, is it safe to assume no regular path leads
> > to setsockopt from sirq?]
> > */
> > return true;
> > }
> >
> > /* Running in process context, task has bpf_ctx set -> invoked
> > by bpf program. */
> > if (current->bpf_ctx != NULL)
> > return true;
> >
> > return ns_capable(ns, cap);
> > }
> >
> > And then do /ns_capable/setsockopt_capable/ in net/core/sock.c
> >
> > But that might be more fragile than passing the flag, idk.
> I think it should work. From a quick look, all bpf_setsockopt usage has
> bpf_ctx. The one from bpf_tcp_ca (struct_ops) and bpf_iter is trampoline
> which also has bpf_ctx. Not sure about the future use cases.
>
> To be honest, I am not sure if I have missed cases and also have similar questions
> your have in the above sample code. This may deserve a separate patch
> set for discussion. Using a bit in sockptr is mostly free now.
> WDYT ?
Sorry to chime in but I vote against @in_bpf. I had to search the git
history recently to figure out what SK_USER_DATA_BPF means. It's not
going to be obvious to a networking person what semantics to attribute
to "in bpf".
next prev parent reply other threads:[~2022-07-28 1:49 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-27 6:08 [PATCH bpf-next 00/14] bpf: net: Remove duplicated codes from bpf_setsockopt() Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 01/14] net: Change sock_setsockopt from taking sock ptr to sk ptr Martin KaFai Lau
2022-07-27 8:11 ` David Laight
2022-07-27 20:42 ` Martin KaFai Lau
2022-07-27 8:16 ` Eric Dumazet
2022-07-27 18:50 ` Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 02/14] bpf: net: Avoid sock_setsockopt() taking sk lock when called from bpf Martin KaFai Lau
2022-07-27 8:36 ` David Laight
2022-07-27 20:05 ` Martin KaFai Lau
2022-07-27 16:47 ` sdf
2022-07-27 18:37 ` Martin KaFai Lau
2022-07-27 20:39 ` Stanislav Fomichev
2022-07-27 21:21 ` Martin KaFai Lau
2022-07-27 21:38 ` Stanislav Fomichev
2022-07-28 0:45 ` Martin KaFai Lau
2022-07-28 1:49 ` Jakub Kicinski [this message]
2022-07-28 16:31 ` Martin KaFai Lau
2022-07-28 16:56 ` Jakub Kicinski
2022-07-28 17:20 ` Martin KaFai Lau
2022-07-28 17:40 ` Jakub Kicinski
2022-07-29 10:04 ` David Laight
2022-07-29 19:06 ` Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 03/14] bpf: net: Consider optval.is_bpf before capable check in sock_setsockopt() Martin KaFai Lau
2022-07-27 16:54 ` sdf
2022-07-27 18:47 ` Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 04/14] bpf: net: Avoid do_tcp_setsockopt() taking sk lock when called from bpf Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 05/14] bpf: net: Avoid do_ip_setsockopt() " Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 06/14] bpf: net: Avoid do_ipv6_setsockopt() " Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 07/14] bpf: Embed kernel CONFIG check into the if statement in bpf_setsockopt Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 08/14] bpf: Change bpf_setsockopt(SOL_SOCKET) to reuse sock_setsockopt() Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 09/14] bpf: Refactor bpf specific tcp optnames to a new function Martin KaFai Lau
2022-07-27 6:09 ` [PATCH bpf-next 10/14] bpf: Change bpf_setsockopt(SOL_TCP) to reuse do_tcp_setsockopt() Martin KaFai Lau
2022-07-27 6:10 ` [PATCH bpf-next 11/14] bpf: Change bpf_setsockopt(SOL_IP) to reuse do_ip_setsockopt() Martin KaFai Lau
2022-07-27 6:10 ` [PATCH bpf-next 12/14] bpf: Change bpf_setsockopt(SOL_IPV6) to reuse do_ipv6_setsockopt() Martin KaFai Lau
2022-07-27 6:10 ` [PATCH bpf-next 13/14] bpf: Add a few optnames to bpf_setsockopt Martin KaFai Lau
2022-07-27 6:10 ` [PATCH bpf-next 14/14] selftests/bpf: bpf_setsockopt tests Martin KaFai Lau
2022-07-27 17:14 ` [PATCH bpf-next 00/14] bpf: net: Remove duplicated codes from bpf_setsockopt() Jakub Kicinski
2022-07-27 20:42 ` Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220727184903.4d24a00a@kernel.org \
--to=kuba@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kafai@fb.com \
--cc=kernel-team@fb.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.