From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Florent Revest <revest@chromium.org>
Cc: bpf <bpf@vger.kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
KP Singh <kpsingh@chromium.org>,
Florent Revest <revest@google.com>,
Brendan Jackman <jackmanb@chromium.org>,
LKML <linux-kernel@vger.kernel.org>,
KP Singh <kpsingh@kernel.org>
Subject: Re: [PATCH bpf-next v7 2/5] bpf: Expose bpf_get_socket_cookie to tracing programs
Date: Thu, 11 Feb 2021 18:28:54 -0800
Message-ID: <CAADnVQ+e7P9SeDFUQ58tX8PAEf+bymWBXXboO+Qv8AO2DS5YWQ@mail.gmail.com>
In-Reply-To: <20210210111406.785541-2-revest@chromium.org>
On Wed, Feb 10, 2021 at 3:14 AM Florent Revest <revest@chromium.org> wrote:
>
> +BPF_CALL_1(bpf_get_socket_ptr_cookie, struct sock *, sk)
> +{
> + return sk ? sock_gen_cookie(sk) : 0;
> +}
> +
> +const struct bpf_func_proto bpf_get_socket_ptr_cookie_proto = {
> + .func = bpf_get_socket_ptr_cookie,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> + .arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
> +};
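Review bot: In `bpf_get_socket_ptr_cookie`, the NULL branch of `return sk ? sock_gen_cookie(sk) : 0;` returns 0, and nothing in this hunk documents that 0 means "no socket". The helper's documentation should say so, so that tracing programs can treat 0 as a sentinel rather than as a cookie. The proto also sets `.arg1_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON` while the function is declared with `struct sock *`; a one-line comment on why that wider argument type is safe to hand to `sock_gen_cookie()` would help the next reader.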
As Daniel pointed out there is an sk_destruct issue here, but I don't think it's fair to penalize this set and future similar patches. They don't make things worse.
The issue has been there for some time due to sk_storage in tracing and other helpers. We need to come up with a holistic approach to solve it.
I suspect allow/deny lists will certainly make it better, but won't really address it, and will be fragile over the long term.
I think tracing would need to be integrated with bpf_lsm and start relying on security_*_free callbacks to cover this last 1%.
I think that would be a great topic for the next bpf office hours on Feb 25.