Re: [PATCH] net: remove check before __cgroup_bpf_run_filter_skb

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stanislav Fomichev <sdf@google.com>
To: Oliver Crumrine <ozlinuxc@gmail.com>
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, thinker.li@gmail.com
Subject: Re: [PATCH] net: remove check before __cgroup_bpf_run_filter_skb
Date: Fri, 9 Feb 2024 11:00:09 -0800	[thread overview]
Message-ID: <ZcZ2ObDxRwZ-hKLb@google.com> (raw)
In-Reply-To: <3htegzrugq4xwlizizsaku6g2pzwhndcnxxxmji4fvblisiuro@icvcsa3mky3w>

On 02/08, Oliver Crumrine wrote:
> On Thu, Feb 08, 2024 at 04:43:06PM -0800, Stanislav Fomichev wrote:
> > The check is here to make sure we only run this hook on non-req sockets.
> > Dropping it would mean we'd be running the hook on the listeners
> > instead. I don't think we want that.
> 
> You are correct that we don't want to run the code on listeners. However
> the check for that is in the function this macro calls,
> __cgroup_bpf_run_filter_skb (the check is on line 1367 of
> kernel/bpf/cgroup.c, for 6.8.0-rc3). The check doesn't need to be done
> twice, so it can be removed in this macro. 

Maybe we should instead remove "(!sk || !sk_fullsock(sk))" check from
__cgroup_bpf_run_filter_skb? BPF_CGROUP_RUN_PROG_INET_EGRESS makes
care of all those corner conditions. We just need to add those checks to
BPF_CGROUP_RUN_PROG_INET_INGRESS.

Let me also CC Kui-Feng, he was touching this part recently in commit
223f5f79f2ce ("bpf, net: Check skb ownership against full socket.").

next prev parent reply	other threads:[~2024-02-09 19:00 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-02-08 17:50 [PATCH] net: remove check before __cgroup_bpf_run_filter_skb Oliver Crumrine
2024-02-09  0:43 ` Stanislav Fomichev
2024-02-08 21:50   ` Oliver Crumrine
2024-02-09 19:00     ` Stanislav Fomichev [this message]
2024-02-09 15:36       ` Oliver Crumrine
2024-02-09 20:33       ` Kui-Feng Lee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZcZ2ObDxRwZ-hKLb@google.com \
    --to=sdf@google.com \
    --cc=bpf@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ozlinuxc@gmail.com \
    --cc=thinker.li@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.