From: Martin KaFai Lau <martin.lau@linux.dev>
To: Kuniyuki Iwashima <kuniyu@google.com>
Cc: almasrymina@google.com, andrii@kernel.org, ast@kernel.org,
bpf@vger.kernel.org, daniel@iogearbox.net, davem@davemloft.net,
edumazet@google.com, hannes@cmpxchg.org,
john.fastabend@gmail.com, kuba@kernel.org, kuni1840@gmail.com,
mhocko@kernel.org, ncardwell@google.com, netdev@vger.kernel.org,
pabeni@redhat.com, roman.gushchin@linux.dev, sdf@fomichev.me,
shakeel.butt@linux.dev, willemb@google.com
Subject: Re: [PATCH v1 bpf-next/net 2/8] bpf: Add a bpf hook in __inet_accept().
Date: Tue, 26 Aug 2025 15:02:23 -0700 [thread overview]
Message-ID: <93ddc9c9-e087-4a8d-a76c-8a081cf3f1ac@linux.dev> (raw)
In-Reply-To: <CAAVpQUC-5r+nbB=Uhio0WOEDV7dMcuUM-tF=auAV_rvAWH5s0g@mail.gmail.com>
On 8/26/25 2:08 PM, Kuniyuki Iwashima wrote:
>> ... need a way to disallow this SK_BPF_MEMCG_SOCK_ISOLATED bit being changed
>> once the socket fd is visible to the user. The current approach is to use the
>> observation in the owned_by_user and sk->sk_socket in the create and accept
>> hook. [ unrelated, I am not sure about the owned_by_user check considering
>> sol_socket_sockopt can be called from bh ].
>
> [ my expectation was bh checks sock_owned_by_user() before
> processing packets and entering where bpf_setsockopt() can
> be called ]
hmm... so if a bpf prog is run in bh, owned_by_user should be false and the bh
bpf prog can continue to do the bpf_setsockopt(SK_BPF_MEMCG_FLAGS). I was
looking at this comment in v1 and v2, "Don't allow once sk has been published to
userspace.". Regardless, it seems that v3 allows other bpf hooks to do the
bpf_setsockopt(SK_BPF_MEMCG_FLAGS)?, so not sure if this point is still relevant.
>
>>
>> If it is needed, there are other ways to stop the SK_BPF_MEMCG_SOCK_ISOLATED
>> being changed again once the fd is visible to user. e.g. there are still bits
>> left in the sk_memcg pointer to freeze it at runtime. If doing it statically
>> (i.e. at prog load time), it can probably return a different setsockopt_proto
>> that can understand the SK_BPF_MEMCG_FLAGS.
>
> I was thinking a kind of the latter, passing caller info to general
> __bpf_setsockopt(), and gave up as it was ugly, but wrapping it
> as different setsockopt_proto sounds good.
>
> Then, we don't need to care about how to limit the caller context.
passing caller info is doable in helper but it is not pretty for helper and
needs verifier changes (kfunc would be easier), so I wouldn't go there also. fyi
only, take a look at bpf_timer_set_callback. However, all five args in
bpf_setsockopt is used, so the same way won't work.
Right, wrapping it into a different setsockopt_proto is an option but admittedly
not pretty also but should work. Lets not go there first. It seems the v3 design
has changed a bit. Lets discuss and explore there.
next prev parent reply other threads:[~2025-08-26 22:02 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-22 22:17 [PATCH v1 bpf-next/net 0/8] bpf: Allow decoupling memcg from sk->sk_prot->memory_allocated Kuniyuki Iwashima
2025-08-22 22:17 ` [PATCH v1 bpf-next/net 1/8] tcp: Save lock_sock() for memcg in inet_csk_accept() Kuniyuki Iwashima
2025-08-22 22:17 ` [PATCH v1 bpf-next/net 2/8] bpf: Add a bpf hook in __inet_accept() Kuniyuki Iwashima
2025-08-23 11:02 ` kernel test robot
2025-08-25 17:57 ` Martin KaFai Lau
2025-08-25 18:14 ` Kuniyuki Iwashima
2025-08-25 23:14 ` Martin KaFai Lau
2025-08-26 0:23 ` Kuniyuki Iwashima
2025-08-26 20:06 ` Martin KaFai Lau
2025-08-26 21:08 ` Kuniyuki Iwashima
2025-08-26 22:02 ` Martin KaFai Lau [this message]
2025-08-26 23:10 ` Kuniyuki Iwashima
2025-08-22 22:17 ` [PATCH v1 bpf-next/net 3/8] libbpf: Support BPF_CGROUP_INET_SOCK_ACCEPT Kuniyuki Iwashima
2025-08-22 22:17 ` [PATCH v1 bpf-next/net 4/8] bpftool: " Kuniyuki Iwashima
2025-08-22 22:18 ` [PATCH v1 bpf-next/net 5/8] bpf: Support bpf_setsockopt() for BPF_CGROUP_INET_SOCK_(CREATE|ACCEPT) Kuniyuki Iwashima
2025-08-23 23:58 ` kernel test robot
2025-08-22 22:18 ` [PATCH v1 bpf-next/net 6/8] bpf: Introduce SK_BPF_MEMCG_FLAGS and SK_BPF_MEMCG_SOCK_ISOLATED Kuniyuki Iwashima
2025-08-23 15:38 ` kernel test robot
2025-08-22 22:18 ` [PATCH v1 bpf-next/net 7/8] net-memcg: Allow decoupling memcg from global protocol memory accounting Kuniyuki Iwashima
2025-08-22 22:18 ` [PATCH v1 bpf-next/net 8/8] selftest: bpf: Add test for SK_BPF_MEMCG_SOCK_ISOLATED Kuniyuki Iwashima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=93ddc9c9-e087-4a8d-a76c-8a081cf3f1ac@linux.dev \
--to=martin.lau@linux.dev \
--cc=almasrymina@google.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hannes@cmpxchg.org \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=kuni1840@gmail.com \
--cc=kuniyu@google.com \
--cc=mhocko@kernel.org \
--cc=ncardwell@google.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=roman.gushchin@linux.dev \
--cc=sdf@fomichev.me \
--cc=shakeel.butt@linux.dev \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.