From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 576CBDF6E for ; Tue, 5 Sep 2023 21:38:32 +0000 (UTC) Received: from out-216.mta0.migadu.com (out-216.mta0.migadu.com [IPv6:2001:41d0:1004:224b::d8]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A0C5191 for ; Tue, 5 Sep 2023 14:38:31 -0700 (PDT) Message-ID: <6ad30137-c7d7-884b-c19e-e16288984d57@linux.dev> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1693949909; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wfptWl/s1atqi3XO0dXXzLTryT1h+Nv8xL9FirXe9es=; b=o27bh+yVKqUGlGitwiabSsIdDElCy+P60ie8Z/gXDqEzpsU070xnMihCiNm1R3tho9StF8 B4ItLM04MyIqHYCzPyGV2vwVSGkB+oAqBSzr0teCdJuVygd4oMOCIvYIhBL6xsaulHqxeS OPdb1OGFdALWDFFlgrDFiXOHO5QTsfA= Date: Tue, 5 Sep 2023 14:38:26 -0700 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH bpf-next v3 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets Content-Language: en-US X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Martin KaFai Lau To: Daan De Meyer Cc: kernel-team@meta.com, netdev@vger.kernel.org, bpf@vger.kernel.org References: <20230831153455.1867110-1-daan.j.demeyer@gmail.com> <20230831153455.1867110-5-daan.j.demeyer@gmail.com> <52177bd8-65a5-ef4d-b00d-47509855c3e4@linux.dev> In-Reply-To: <52177bd8-65a5-ef4d-b00d-47509855c3e4@linux.dev> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net On 9/5/23 12:02 PM, Martin KaFai Lau wrote: >> @@ -1766,14 +1787,37 @@ static int unix_getname(struct socket *sock, struct >> sockaddr *uaddr, int peer) >>       if (!addr) { >>           sunaddr->sun_family = AF_UNIX; >>           sunaddr->sun_path[0] = 0; >> -        err = offsetof(struct sockaddr_un, sun_path); >> +        addr_len = offsetof(struct sockaddr_un, sun_path); >>       } else { >> -        err = addr->len; >> +        addr_len = addr->len; >>           memcpy(sunaddr, addr->name, addr->len); >>       } >> + >> +    if (peer && cgroup_bpf_enabled(CGROUP_UNIX_GETPEERNAME)) { >> +        err = BPF_CGROUP_RUN_SA_PROG(sk, uaddr, &addr_len, >> +                         CGROUP_UNIX_GETPEERNAME); >> +        if (err) > > UNIX_GETPEERNAME can only have return value 1 (OK), so no need to do err check > here. > >> +            goto out; >> + >> +        err = unix_validate_addr(sunaddr, addr_len); > > Since the kfunc is specific to the unix address, how about doing the > unix_validate_addr check in the kfunc itself? When reading patch 3 again, the kfunc has already checked the addrlen with the UNIX_PATH_MAX. It should be as good as unix_validate_addr() check considering the kfunc can only change the sunaddr->sun_path?