From: Vinicius Costa Gomes <vinicius.gomes@intel.com>
To: Eric Dumazet <edumazet@google.com>,
"David S . Miller" <davem@davemloft.net>
Cc: netdev <netdev@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>,
Eric Dumazet <eric.dumazet@gmail.com>,
Willem de Bruijn <willemb@google.com>
Subject: Re: [PATCH net-next] net: relax SO_TXTIME CAP_NET_ADMIN check
Date: Thu, 07 May 2020 11:09:24 -0700 [thread overview]
Message-ID: <87mu6jsjl7.fsf@intel.com> (raw)
In-Reply-To: <20200507170539.157454-1-edumazet@google.com>
Hi,
Eric Dumazet <edumazet@google.com> writes:
> Now sch_fq has horizon feature, we want to allow QUIC/UDP applications
> to use EDT model so that pacing can be offloaded to the kernel (sch_fq)
> or the NIC.
>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Willem de Bruijn <willemb@google.com>
> ---
> net/core/sock.c | 28 ++++++++++++++++++----------
> 1 file changed, 18 insertions(+), 10 deletions(-)
>
> diff --git a/net/core/sock.c b/net/core/sock.c
> index b714162213aeae98bfee24d8b457547fe7abab4f..fd85e651ce284b6987f0e8fae94f76ec2c432899 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1152,23 +1152,31 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
> break;
>
> case SO_TXTIME:
> - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
> - ret = -EPERM;
> - } else if (optlen != sizeof(struct sock_txtime)) {
> + if (optlen != sizeof(struct sock_txtime)) {
> ret = -EINVAL;
> + break;
> } else if (copy_from_user(&sk_txtime, optval,
> sizeof(struct sock_txtime))) {
> ret = -EFAULT;
> + break;
> } else if (sk_txtime.flags & ~SOF_TXTIME_FLAGS_MASK) {
> ret = -EINVAL;
> - } else {
> - sock_valbool_flag(sk, SOCK_TXTIME, true);
> - sk->sk_clockid = sk_txtime.clockid;
> - sk->sk_txtime_deadline_mode =
> - !!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE);
> - sk->sk_txtime_report_errors =
> - !!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS);
> + break;
> }
> + /* CLOCK_MONOTONIC is only used by sch_fq, and this packet
> + * scheduler has enough safe guards.
> + */
> + if (sk_txtime.clockid != CLOCK_MONOTONIC &&
> + !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
> + ret = -EPERM;
> + break;
> + }
I was a bit worried until I saw the check above.
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
> + sock_valbool_flag(sk, SOCK_TXTIME, true);
> + sk->sk_clockid = sk_txtime.clockid;
> + sk->sk_txtime_deadline_mode =
> + !!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE);
> + sk->sk_txtime_report_errors =
> + !!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS);
> break;
>
> case SO_BINDTOIFINDEX:
> --
> 2.26.2.526.g744177e7f7-goog
>
--
Vinicius
next prev parent reply other threads:[~2020-05-07 18:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-07 17:05 [PATCH net-next] net: relax SO_TXTIME CAP_NET_ADMIN check Eric Dumazet
2020-05-07 17:11 ` Willem de Bruijn
2020-05-07 18:09 ` Vinicius Costa Gomes [this message]
2020-05-08 1:17 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mu6jsjl7.fsf@intel.com \
--to=vinicius.gomes@intel.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.