From: Martin KaFai Lau <martin.lau@linux.dev>
To: Daan De Meyer <daan.j.demeyer@gmail.com>
Cc: kernel-team@meta.com, netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets
Date: Tue, 5 Sep 2023 14:38:26 -0700 [thread overview]
Message-ID: <6ad30137-c7d7-884b-c19e-e16288984d57@linux.dev> (raw)
In-Reply-To: <52177bd8-65a5-ef4d-b00d-47509855c3e4@linux.dev>
On 9/5/23 12:02 PM, Martin KaFai Lau wrote:
>> @@ -1766,14 +1787,37 @@ static int unix_getname(struct socket *sock, struct
>> sockaddr *uaddr, int peer)
>> if (!addr) {
>> sunaddr->sun_family = AF_UNIX;
>> sunaddr->sun_path[0] = 0;
>> - err = offsetof(struct sockaddr_un, sun_path);
>> + addr_len = offsetof(struct sockaddr_un, sun_path);
>> } else {
>> - err = addr->len;
>> + addr_len = addr->len;
>> memcpy(sunaddr, addr->name, addr->len);
>> }
>> +
>> + if (peer && cgroup_bpf_enabled(CGROUP_UNIX_GETPEERNAME)) {
>> + err = BPF_CGROUP_RUN_SA_PROG(sk, uaddr, &addr_len,
>> + CGROUP_UNIX_GETPEERNAME);
>> + if (err)
>
> UNIX_GETPEERNAME can only have return value 1 (OK), so no need to do err check
> here.
>
>> + goto out;
>> +
>> + err = unix_validate_addr(sunaddr, addr_len);
>
> Since the kfunc is specific to the unix address, how about doing the
> unix_validate_addr check in the kfunc itself?
When reading patch 3 again, the kfunc has already checked the addrlen with the
UNIX_PATH_MAX. It should be as good as unix_validate_addr() check considering
the kfunc can only change the sunaddr->sun_path?
next prev parent reply other threads:[~2023-09-05 21:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-31 15:34 [PATCH bpf-next v4 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 1/9] selftests/bpf: Add missing section name tests for getpeername/getsockname Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 2/9] bpf: Propagate modified uaddrlen from cgroup sockaddr programs Daan De Meyer
2023-09-05 21:21 ` Martin KaFai Lau
2023-08-31 15:34 ` [PATCH bpf-next v3 3/9] bpf: Add bpf_sock_addr_set_unix_addr() to allow writing unix sockaddr from bpf Daan De Meyer
2023-09-04 20:58 ` Alexei Starovoitov
2023-09-05 21:37 ` Martin KaFai Lau
2023-08-31 15:34 ` [PATCH bpf-next v3 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-09-01 19:34 ` Kuniyuki Iwashima
2023-09-05 19:02 ` Martin KaFai Lau
2023-09-05 21:38 ` Martin KaFai Lau [this message]
2023-08-31 15:34 ` [PATCH bpf-next v3 5/9] libbpf: Add support for cgroup unix socket address hooks Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 6/9] bpftool: " Daan De Meyer
2023-08-31 16:58 ` Quentin Monnet
2023-08-31 15:34 ` [PATCH bpf-next v3 7/9] documentation/bpf: Document " Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 8/9] selftests/bpf: Make sure mount directory exists Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 9/9] selftests/bpf: Add tests for cgroup unix socket address hooks Daan De Meyer
2023-09-05 20:07 ` Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6ad30137-c7d7-884b-c19e-e16288984d57@linux.dev \
--to=martin.lau@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=kernel-team@meta.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).