From: Martin KaFai Lau <martin.lau@linux.dev>
To: Daan De Meyer <daan.j.demeyer@gmail.com>
Cc: kernel-team@meta.com, netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets
Date: Tue, 5 Sep 2023 14:38:26 -0700 [thread overview]
Message-ID: <6ad30137-c7d7-884b-c19e-e16288984d57@linux.dev> (raw)
In-Reply-To: <52177bd8-65a5-ef4d-b00d-47509855c3e4@linux.dev>
On 9/5/23 12:02 PM, Martin KaFai Lau wrote:
>> @@ -1766,14 +1787,37 @@ static int unix_getname(struct socket *sock, struct
>> sockaddr *uaddr, int peer)
>> if (!addr) {
>> sunaddr->sun_family = AF_UNIX;
>> sunaddr->sun_path[0] = 0;
>> - err = offsetof(struct sockaddr_un, sun_path);
>> + addr_len = offsetof(struct sockaddr_un, sun_path);
>> } else {
>> - err = addr->len;
>> + addr_len = addr->len;
>> memcpy(sunaddr, addr->name, addr->len);
>> }
>> +
>> + if (peer && cgroup_bpf_enabled(CGROUP_UNIX_GETPEERNAME)) {
>> + err = BPF_CGROUP_RUN_SA_PROG(sk, uaddr, &addr_len,
>> + CGROUP_UNIX_GETPEERNAME);
>> + if (err)
>
> UNIX_GETPEERNAME can only have return value 1 (OK), so no need to do err check
> here.
>
>> + goto out;
>> +
>> + err = unix_validate_addr(sunaddr, addr_len);
>
> Since the kfunc is specific to the unix address, how about doing the
> unix_validate_addr check in the kfunc itself?
When reading patch 3 again, the kfunc has already checked the addrlen with the
UNIX_PATH_MAX. It should be as good as unix_validate_addr() check considering
the kfunc can only change the sunaddr->sun_path?
next prev parent reply other threads:[~2023-09-05 21:38 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-31 15:34 [PATCH bpf-next v4 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 1/9] selftests/bpf: Add missing section name tests for getpeername/getsockname Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 2/9] bpf: Propagate modified uaddrlen from cgroup sockaddr programs Daan De Meyer
2023-09-05 21:21 ` Martin KaFai Lau
2023-08-31 15:34 ` [PATCH bpf-next v3 3/9] bpf: Add bpf_sock_addr_set_unix_addr() to allow writing unix sockaddr from bpf Daan De Meyer
2023-09-04 20:58 ` Alexei Starovoitov
2023-09-05 21:37 ` Martin KaFai Lau
2023-08-31 15:34 ` [PATCH bpf-next v3 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-09-01 19:34 ` Kuniyuki Iwashima
2023-09-05 19:02 ` Martin KaFai Lau
2023-09-05 21:38 ` Martin KaFai Lau [this message]
2023-08-31 15:34 ` [PATCH bpf-next v3 5/9] libbpf: Add support for cgroup unix socket address hooks Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 6/9] bpftool: " Daan De Meyer
2023-08-31 16:58 ` Quentin Monnet
2023-08-31 15:34 ` [PATCH bpf-next v3 7/9] documentation/bpf: Document " Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 8/9] selftests/bpf: Make sure mount directory exists Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 9/9] selftests/bpf: Add tests for cgroup unix socket address hooks Daan De Meyer
2023-09-05 20:07 ` Martin KaFai Lau
-- strict thread matches above, loose matches on Subject: below --
2023-08-29 10:18 [PATCH bpf-next v3 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-08-29 10:18 ` [PATCH bpf-next v3 4/9] bpf: Implement " Daan De Meyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6ad30137-c7d7-884b-c19e-e16288984d57@linux.dev \
--to=martin.lau@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=kernel-team@meta.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.