From: Martin KaFai Lau <martin.lau@linux.dev>
To: Jason Xing <kerneljasonxing@gmail.com>
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
	pabeni@redhat.com, dsahern@kernel.org,
	willemdebruijn.kernel@gmail.com, willemb@google.com,
	ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
	eddyz87@gmail.com, song@kernel.org, yonghong.song@linux.dev,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
	haoluo@google.com, jolsa@kernel.org, horms@kernel.org,
	bpf@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net-next v5 04/15] net-timestamp: support SK_BPF_CB_FLAGS only in bpf_sock_ops_setsockopt
Date: Wed, 15 Jan 2025 13:22:10 -0800
Message-ID: <80309f62-0900-4946-bb2c-d73a2b724739@linux.dev>
In-Reply-To: <20250112113748.73504-5-kerneljasonxing@gmail.com>

On 1/12/25 3:37 AM, Jason Xing wrote:
> We will allow both TCP and UDP sockets to use this helper to
> enable this feature. So let SK_BPF_CB_FLAGS pass the check:
> 1. skip is_fullsock check
> 2. skip owned by me check
> 
> Signed-off-by: Jason Xing <kerneljasonxing@gmail.com>
> ---
>   net/core/filter.c | 27 +++++++++++++++++++++------
>   1 file changed, 21 insertions(+), 6 deletions(-)
> 
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 1ac996ec5e0f..0e915268db5f 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -5507,12 +5507,9 @@ static int sol_ipv6_sockopt(struct sock *sk, int optname,
>   					      KERNEL_SOCKPTR(optval), *optlen);
>   }
>   
> -static int __bpf_setsockopt(struct sock *sk, int level, int optname,
> -			    char *optval, int optlen)
> +static int ___bpf_setsockopt(struct sock *sk, int level, int optname,
> +			     char *optval, int optlen)
>   {
> -	if (!sk_fullsock(sk))
> -		return -EINVAL;
> -
>   	if (level == SOL_SOCKET)
>   		return sol_socket_sockopt(sk, optname, optval, &optlen, false);
>   	else if (IS_ENABLED(CONFIG_INET) && level == SOL_IP)
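
Review bot: dropping the sk_fullsock() check from the top of the renamed ___bpf_setsockopt() leaves sol_socket_sockopt() and the SOL_IP branch after it reachable with a socket that is not a full socket, and nothing at the definition says so. Add a comment above ___bpf_setsockopt() stating that the caller must either have verified sk_fullsock(sk) or have restricted level/optname to options that are safe on a non-full socket, so a later caller does not pick the unchecked variant by accident.
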
> @@ -5525,6 +5522,15 @@ static int __bpf_setsockopt(struct sock *sk, int level, int optname,
>   	return -EINVAL;
>   }
>   
> +static int __bpf_setsockopt(struct sock *sk, int level, int optname,
> +			    char *optval, int optlen)
> +{
> +	if (!sk_fullsock(sk))
> +		return -EINVAL;
> +
> +	return ___bpf_setsockopt(sk, level, optname, optval, optlen);
> +}
> +
>   static int _bpf_setsockopt(struct sock *sk, int level, int optname,
>   			   char *optval, int optlen)
>   {
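
Review bot: with this wrapper added there are three helpers, _bpf_setsockopt(), __bpf_setsockopt() and ___bpf_setsockopt(), told apart only by the number of leading underscores, while the sk_fullsock() check lives in exactly one of them. Give the unchecked helper a name that says it skips the full-socket check, or at minimum document at each definition which checks it performs, so that a call to the wrong variant stands out in review.
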
> @@ -5675,7 +5681,16 @@ static const struct bpf_func_proto bpf_sock_addr_getsockopt_proto = {
>   BPF_CALL_5(bpf_sock_ops_setsockopt, struct bpf_sock_ops_kern *, bpf_sock,
>   	   int, level, int, optname, char *, optval, int, optlen)
>   {
> -	return _bpf_setsockopt(bpf_sock->sk, level, optname, optval, optlen);
> +	struct sock *sk = bpf_sock->sk;
> +
> +	if (optname != SK_BPF_CB_FLAGS) {
> +		if (sk_fullsock(sk))
> +			sock_owned_by_me(sk);
> +		else if (optname != SK_BPF_CB_FLAGS)

This is redundant considering the outer "if" has the same check.

Regardless, "optname != SK_BPF_CB_FLAGS" is not the right check. The new 
callback (e.g. BPF_SOCK_OPS_TS_SCHED_OPT_CB) can still call 
bpf_setsockopt(TCP_*) which will be broken without a lock.

It needs to check for bpf_sock->op. I saw patch 5 has the bpf_sock->op check but 
that check is also incorrect. I will comment in there together.

> +			return -EINVAL;
> +	}
> +
> +	return ___bpf_setsockopt(sk, level, optname, optval, optlen);
>   }
>   
>   static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = {
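
Review bot: the exemption in bpf_sock_ops_setsockopt() tests only optname and never level, so any call whose optname is numerically equal to SK_BPF_CB_FLAGS skips both sk_fullsock() and sock_owned_by_me() whatever level is passed, and ___bpf_setsockopt() then dispatches on that level with no checks at all. If the exemption stays keyed on the option, it should also require the level that SK_BPF_CB_FLAGS belongs to; once the outer condition is fixed, the inner `else if (optname != SK_BPF_CB_FLAGS)` reduces to a plain `else` followed by `return -EINVAL;`.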

