From: Jakub Sitnicki <jakub@cloudflare.com>
To: Michal Luczaj <mhal@rbox.co>
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org,
davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, john.fastabend@gmail.com, kuniyu@amazon.com,
Rao.Shoaib@oracle.com, cong.wang@bytedance.com
Subject: Re: [PATCH bpf v3 1/4] af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash
Date: Tue, 09 Jul 2024 11:48:07 +0200 [thread overview]
Message-ID: <874j8yoq08.fsf@cloudflare.com> (raw)
In-Reply-To: <20240707222842.4119416-2-mhal@rbox.co> (Michal Luczaj's message of "Sun, 7 Jul 2024 23:28:22 +0200")
On Sun, Jul 07, 2024 at 11:28 PM +02, Michal Luczaj wrote:
> AF_UNIX socket tracks the most recent OOB packet (in its receive queue)
> with an `oob_skb` pointer. BPF redirecting does not account for that: when
> an OOB packet is moved between sockets, `oob_skb` is left outdated. This
> results in a single skb that may be accessed from two different sockets.
>
> Take the easy way out: silently drop MSG_OOB data targeting any socket that
> is in a sockmap or a sockhash. Note that such silent drop is akin to the
> fate of redirected skb's scm_fp_list (SCM_RIGHTS, SCM_CREDENTIALS).
>
> For symmetry, forbid MSG_OOB in unix_bpf_recvmsg().
>
> Suggested-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> Fixes: 314001f0bf92 ("af_unix: Add OOB support")
> Signed-off-by: Michal Luczaj <mhal@rbox.co>
> ---
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
next prev parent reply other threads:[~2024-07-09 9:48 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-07 21:28 [PATCH bpf v3 0/4] af_unix: MSG_OOB handling fix & selftest Michal Luczaj
2024-07-07 21:28 ` [PATCH bpf v3 1/4] af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Michal Luczaj
2024-07-08 19:38 ` Kuniyuki Iwashima
2024-07-09 1:24 ` John Fastabend
2024-07-09 2:18 ` Kuniyuki Iwashima
2024-07-09 9:48 ` Jakub Sitnicki [this message]
2024-07-07 21:28 ` [PATCH bpf v3 2/4] selftest/bpf: Support SOCK_STREAM in unix_inet_redir_to_connected() Michal Luczaj
2024-07-09 9:48 ` Jakub Sitnicki
2024-07-11 20:33 ` Michal Luczaj
2024-07-13 9:45 ` Jakub Sitnicki
2024-07-13 20:16 ` Michal Luczaj
2024-07-16 9:14 ` Jakub Sitnicki
2024-07-16 20:58 ` Michal Luczaj
2024-07-17 20:15 ` Michal Luczaj
2024-07-19 11:09 ` Jakub Sitnicki
2024-07-22 13:07 ` Michal Luczaj
2024-07-22 19:26 ` Jakub Sitnicki
2024-07-22 22:07 ` Eduard Zingerman
2024-07-22 22:21 ` Eduard Zingerman
2024-07-23 12:31 ` Michal Luczaj
2024-07-24 11:36 ` Michal Luczaj
2024-07-07 21:28 ` [PATCH bpf v3 3/4] selftest/bpf: Parametrize AF_UNIX redir functions to accept send() flags Michal Luczaj
2024-07-09 9:59 ` Jakub Sitnicki
2024-07-11 20:34 ` Michal Luczaj
2024-07-07 21:28 ` [PATCH bpf v3 4/4] selftest/bpf: Test sockmap redirect for AF_UNIX MSG_OOB Michal Luczaj
2024-07-09 10:08 ` Jakub Sitnicki
2024-07-11 20:35 ` Michal Luczaj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874j8yoq08.fsf@cloudflare.com \
--to=jakub@cloudflare.com \
--cc=Rao.Shoaib@oracle.com \
--cc=bpf@vger.kernel.org \
--cc=cong.wang@bytedance.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.com \
--cc=mhal@rbox.co \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.