[bpf PATCH v2 0/2] bpf, sockmap IPv6/TCP state fixes

public inbox for netdev@vger.kernel.org
 help / color / mirror / Atom feed

From: John Fastabend <john.fastabend@gmail.com>
To: edumazet@google.com, weiwan@google.com, daniel@iogearbox.net,
	ast@kernel.org
Cc: netdev@vger.kernel.org
Subject: [bpf PATCH v2 0/2] bpf, sockmap IPv6/TCP state fixes
Date: Fri, 08 Jun 2018 08:06:33 -0700	[thread overview]
Message-ID: <20180608145951.15153.80520.stgit@john-Precision-Tower-5810> (raw)

ULP are only valid with TCP in ESTABLISHED states. Sockmap was not
following this rule so add a fix to only allow ESTABLISHED states to
be added from the userspace side. On the BPF side we continue to allow
adding sockets to maps from sock_ops events, but only events that are
triggered when entering the ESTABLISHED state. This blocks users from
adding sockets to maps that will not be in the correct TCP state.

Also we stomped on the tcpv6_prot pointer overwriting with the
tcp_prot. This was discovered by syzbot (thanks!) and not found by
selftests because we only have local tests in selftest so even with
ipv6 selftests we did not trigger the splat.

Will follow up with IPv6 tests for selftest regardless it seems like
a miss to not have any IPv6 selftests.

Also these need to go to stable. There will be a small conflict on
the second patch where we add check to the sockhash update function
which did not exist until recently.

---

John Fastabend (2):
      bpf: sockmap, fix crash when ipv6 sock is added
      bpf: sockmap only allow ESTABLISHED sock state

 kernel/bpf/sockmap.c |   56 ++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 52 insertions(+), 4 deletions(-)

next             reply	other threads:[~2018-06-08 15:06 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-06-08 15:06 John Fastabend [this message]
2018-06-08 15:06 ` [bpf PATCH v2 1/2] bpf: sockmap, fix crash when ipv6 sock is added John Fastabend
2018-06-11 23:14   ` Daniel Borkmann
2018-06-12 13:57     ` John Fastabend
2018-06-08 15:06 ` [bpf PATCH v2 2/2] bpf: sockmap only allow ESTABLISHED sock state John Fastabend
2018-06-09 20:51   ` Daniel Borkmann
2018-06-09 21:53   ` John Fastabend

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180608145951.15153.80520.stgit@john-Precision-Tower-5810 \
    --to=john.fastabend@gmail.com \
    --cc=ast@kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=edumazet@google.com \
    --cc=netdev@vger.kernel.org \
    --cc=weiwan@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox