From: Yonghong Song <yonghong.song@linux.dev>
To: Tze-nan Wu <Tze-nan.Wu@mediatek.com>,
netdev@vger.kernel.org, bpf@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Matthias Brugger <matthias.bgg@gmail.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@collabora.com>,
Stanislav Fomichev <sdf@fomichev.me>
Cc: bobule.chang@mediatek.com, wsd_upstream@mediatek.com,
linux-kernel@vger.kernel.org, linux-mediatek@lists.infradead.org,
Kuniyuki Iwashima <kuniyu@amazon.com>,
Yanghui Li <yanghui.li@mediatek.com>,
Cheng-Jui Wang <cheng-jui.wang@mediatek.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
KP Singh <kpsingh@kernel.org>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH net v4] bpf, net: Check cgroup_bpf_enabled() only once in do_sock_getsockopt()
Date: Wed, 21 Aug 2024 11:44:52 -0700 [thread overview]
Message-ID: <b007ee0b-ff90-43ff-91a1-44882bf0e799@linux.dev> (raw)
In-Reply-To: <20240821093016.2533-1-Tze-nan.Wu@mediatek.com>
On 8/21/24 2:30 AM, Tze-nan Wu wrote:
> The return value from `cgroup_bpf_enabled(CGROUP_GETSOCKOPT)` can change
> between the invocations of `BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN` and
> `BPF_CGROUP_RUN_PROG_GETSOCKOPT`.
>
> If `cgroup_bpf_enabled(CGROUP_GETSOCKOPT)` changes from "false" to
> "true" between the invocations of `BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN` and
> `BPF_CGROUP_RUN_PROG_GETSOCKOPT`, `BPF_CGROUP_RUN_PROG_GETSOCKOPT` will
> receive an -EFAULT from `__cgroup_bpf_run_filter_getsockopt(max_optlen=0)`
> due to `get_user()` was not reached in `BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN`.
>
> Scenario shown as below:
>
> `process A` `process B`
> ----------- ------------
> BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN
> enable CGROUP_GETSOCKOPT
> BPF_CGROUP_RUN_PROG_GETSOCKOPT (-EFAULT)
>
> To prevent this, invoke `cgroup_bpf_enabled()` only once and cache the
> result in a newly added local variable `enabled`.
> Both `BPF_CGROUP_*` macros in `do_sock_getsockopt` will then check their
> condition using the same `enabled` variable as the condition variable,
> instead of using the return values from `cgroup_bpf_enabled` called by
> themselves as the condition variable(which could yield different results).
> This ensures that either both `BPF_CGROUP_*` macros pass the condition
> or neither does.
>
> Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks")
> Co-developed-by: Yanghui Li <yanghui.li@mediatek.com>
> Signed-off-by: Yanghui Li <yanghui.li@mediatek.com>
> Co-developed-by: Cheng-Jui Wang <cheng-jui.wang@mediatek.com>
> Signed-off-by: Cheng-Jui Wang <cheng-jui.wang@mediatek.com>
> Signed-off-by: Tze-nan Wu <Tze-nan.Wu@mediatek.com>
> ---
>
> Chagnes from v1 to v2: https://lore.kernel.org/all/20240819082513.27176-1-Tze-nan.Wu@mediatek.com/
> Instead of using cgroup_lock in the fastpath, invoke cgroup_bpf_enabled
> only once and cache the value in the newly added variable `enabled`.
> `BPF_CGROUP_*` macros in do_sock_getsockopt can then both check their
> condition with the new variable `enable`, ensuring that either they both
> passing the condition or both do not.
>
> Chagnes from v2 to v3: https://lore.kernel.org/all/20240819155627.1367-1-Tze-nan.Wu@mediatek.com/
> Hide cgroup_bpf_enabled in the macro, and some modifications to adapt
> the coding style.
>
> Chagnes from v3 to v4: https://lore.kernel.org/all/20240820092942.16654-1-Tze-nan.Wu@mediatek.com/
> Add bpf tag to subject, and Fixes tag in body.
>
> ---
> include/linux/bpf-cgroup.h | 15 ++++++++-------
> net/socket.c | 5 +++--
> 2 files changed, 11 insertions(+), 9 deletions(-)
>
> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
> index fb3c3e7181e6..5afa2ac76aae 100644
> --- a/include/linux/bpf-cgroup.h
> +++ b/include/linux/bpf-cgroup.h
> @@ -390,20 +390,20 @@ static inline bool cgroup_bpf_sock_enabled(struct sock *sk,
> __ret; \
> })
>
> -#define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen) \
> +#define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen, enabled) \
> ({ \
> int __ret = 0; \
> - if (cgroup_bpf_enabled(CGROUP_GETSOCKOPT)) \
> + enabled = cgroup_bpf_enabled(CGROUP_GETSOCKOPT); \
> + if (enabled) \
> copy_from_sockptr(&__ret, optlen, sizeof(int)); \
> __ret; \
> })
>
> #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, optlen, \
> - max_optlen, retval) \
> + max_optlen, retval, enabled) \
> ({ \
> int __ret = retval; \
> - if (cgroup_bpf_enabled(CGROUP_GETSOCKOPT) && \
> - cgroup_bpf_sock_enabled(sock, CGROUP_GETSOCKOPT)) \
> + if (enabled && cgroup_bpf_sock_enabled(sock, CGROUP_GETSOCKOPT)) \
> if (!(sock)->sk_prot->bpf_bypass_getsockopt || \
> !INDIRECT_CALL_INET_1((sock)->sk_prot->bpf_bypass_getsockopt, \
> tcp_bpf_bypass_getsockopt, \
> @@ -518,9 +518,10 @@ static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map,
> #define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })
> #define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(atype, major, minor, access) ({ 0; })
> #define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos) ({ 0; })
> -#define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen) ({ 0; })
> +#define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen, enabled) ({ 0; })
> #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, \
> - optlen, max_optlen, retval) ({ retval; })
> + optlen, max_optlen, retval, \
> + enabled) ({ retval; })
> #define BPF_CGROUP_RUN_PROG_GETSOCKOPT_KERN(sock, level, optname, optval, \
> optlen, retval) ({ retval; })
> #define BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock, level, optname, optval, optlen, \
> diff --git a/net/socket.c b/net/socket.c
> index fcbdd5bc47ac..0b465dc8a789 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -2363,6 +2363,7 @@ int do_sock_getsockopt(struct socket *sock, bool compat, int level,
> int optname, sockptr_t optval, sockptr_t optlen)
> {
> int max_optlen __maybe_unused;
> + bool enabled __maybe_unused;
> const struct proto_ops *ops;
> int err;
>
> @@ -2371,7 +2372,7 @@ int do_sock_getsockopt(struct socket *sock, bool compat, int level,
> return err;
>
> if (!compat)
> - max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
> + max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen, enabled);
Here, 'enabled' is actually assigned with a value in the macro. I am not sure
whether this is a common practice or not. At least from macro, it is not clear
about this.
Maybe we can do
max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen, &enabled);
The &enabled signals that its value could change. And indeed
the macro will store the proper value to &enabled properly.
Just my 2 cents.
>
> ops = READ_ONCE(sock->ops);
> if (level == SOL_SOCKET) {
> @@ -2390,7 +2391,7 @@ int do_sock_getsockopt(struct socket *sock, bool compat, int level,
> if (!compat)
> err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
> optval, optlen, max_optlen,
> - err);
> + err, enabled);
>
> return err;
> }
next prev parent reply other threads:[~2024-08-21 18:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-21 9:30 [PATCH net v4] bpf, net: Check cgroup_bpf_enabled() only once in do_sock_getsockopt() Tze-nan Wu
2024-08-21 18:44 ` Yonghong Song [this message]
2024-08-22 3:28 ` Tze-nan Wu (吳澤南)
2024-08-21 21:01 ` Alexei Starovoitov
2024-08-22 3:16 ` Tze-nan Wu (吳澤南)
2024-08-22 7:01 ` Tze-nan Wu (吳澤南)
2024-08-22 16:00 ` Alexei Starovoitov
2024-08-24 2:04 ` Stanislav Fomichev
2024-08-29 12:44 ` Tze-nan Wu (吳澤南)
2024-08-29 16:27 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b007ee0b-ff90-43ff-91a1-44882bf0e799@linux.dev \
--to=yonghong.song@linux.dev \
--cc=Tze-nan.Wu@mediatek.com \
--cc=andrii@kernel.org \
--cc=angelogioacchino.delregno@collabora.com \
--cc=ast@kernel.org \
--cc=bobule.chang@mediatek.com \
--cc=bpf@vger.kernel.org \
--cc=cheng-jui.wang@mediatek.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=martin.lau@linux.dev \
--cc=matthias.bgg@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=wsd_upstream@mediatek.com \
--cc=yanghui.li@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.