From: Lorenz Bauer <lmb@cloudflare.com>
To: John Fastabend <john.fastabend@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>,
Jakub Sitnicki <jakub@cloudflare.com>,
"David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
kernel-team <kernel-team@cloudflare.com>,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4/5] bpf: sockmap, sockhash: return file descriptors from privileged lookup
Date: Tue, 17 Mar 2020 10:17:37 +0000 [thread overview]
Message-ID: <CACAyw9_4wvOdE+enxxJPPTMXbfFmWfMo8qcaRtu6j0y4W=E9HQ@mail.gmail.com> (raw)
In-Reply-To: <5e6973ed90f8d_20552ab9153405b4ca@john-XPS-13-9370.notmuch>
On Wed, 11 Mar 2020 at 23:27, John Fastabend <john.fastabend@gmail.com> wrote:
>
> Lorenz Bauer wrote:
> > Allow callers with CAP_NET_ADMIN to retrieve file descriptors from a
> > sockmap and sockhash. O_CLOEXEC is enforced on all fds.
> >
> > Without this, it's difficult to resize or otherwise rebuild existing
> > sockmap or sockhashes.
> >
> > Suggested-by: Jakub Sitnicki <jakub@cloudflare.com>
> > Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
> > ---
> > net/core/sock_map.c | 19 +++++++++++++++++++
> > 1 file changed, 19 insertions(+)
> >
> > diff --git a/net/core/sock_map.c b/net/core/sock_map.c
> > index 03e04426cd21..3228936aa31e 100644
> > --- a/net/core/sock_map.c
> > +++ b/net/core/sock_map.c
> > @@ -347,12 +347,31 @@ static void *sock_map_lookup(struct bpf_map *map, void *key)
> > static int __sock_map_copy_value(struct bpf_map *map, struct sock *sk,
> > void *value)
> > {
> > + struct file *file;
> > + int fd;
> > +
> > switch (map->value_size) {
> > case sizeof(u64):
> > sock_gen_cookie(sk);
> > *(u64 *)value = atomic64_read(&sk->sk_cookie);
> > return 0;
> >
> > + case sizeof(u32):
> > + if (!capable(CAP_NET_ADMIN))
> > + return -EPERM;
> > +
> > + fd = get_unused_fd_flags(O_CLOEXEC);
> > + if (unlikely(fd < 0))
> > + return fd;
> > +
> > + read_lock_bh(&sk->sk_callback_lock);
> > + file = get_file(sk->sk_socket->file);
> > + read_unlock_bh(&sk->sk_callback_lock);
> > +
> > + fd_install(fd, file);
> > + *(u32 *)value = fd;
> > + return 0;
> > +
>
> Hi Lorenz, Can you say something about what happens if the sk
> is deleted from the map or the sock is closed/unhashed ideally
> in the commit message so we have it for later reference. I guess
> because we are in an rcu block here the sk will be OK and psock
> reference will exist until after the rcu block at least because
> of call_rcu(). If the psock is destroyed from another path then
> the fd will still point at the sock. correct?
This is how I understand it:
* sk is protected by rcu_read_lock (as you point out)
* sk->sk_callback_lock protects against sk->sk_socket being
modified by sock_orphan, sock_graft, etc. via sk_set_socket
* get_file increments the refcount on the file
I'm not sure how the psock figures into this, maybe you can
elaborate a little?
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
next prev parent reply other threads:[~2020-03-17 10:17 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-10 17:47 [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup Lorenz Bauer
2020-03-10 17:47 ` [PATCH 1/5] bpf: add map_copy_value hook Lorenz Bauer
2020-03-10 17:47 ` [PATCH 2/5] bpf: convert queue and stack map to map_copy_value Lorenz Bauer
2020-03-11 14:00 ` Jakub Sitnicki
2020-03-11 22:31 ` John Fastabend
2020-03-10 17:47 ` [PATCH 3/5] bpf: convert sock map and hash " Lorenz Bauer
2020-03-11 13:55 ` Jakub Sitnicki
2020-03-10 17:47 ` [PATCH 4/5] bpf: sockmap, sockhash: return file descriptors from privileged lookup Lorenz Bauer
2020-03-11 23:27 ` John Fastabend
2020-03-17 10:17 ` Lorenz Bauer [this message]
2020-03-17 15:18 ` Jakub Sitnicki
2020-03-17 18:16 ` John Fastabend
2020-03-10 17:47 ` [PATCH 5/5] bpf: sockmap, sockhash: test looking up fds Lorenz Bauer
2020-03-11 13:52 ` Jakub Sitnicki
2020-03-11 17:24 ` Lorenz Bauer
2020-03-11 13:44 ` [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup Jakub Sitnicki
2020-03-11 22:40 ` John Fastabend
2020-03-12 1:58 ` Alexei Starovoitov
2020-03-12 9:16 ` Lorenz Bauer
2020-03-12 17:58 ` Alexei Starovoitov
2020-03-12 19:32 ` John Fastabend
2020-03-13 11:03 ` Lorenz Bauer
2020-03-13 10:48 ` Lorenz Bauer
2020-03-14 2:58 ` Alexei Starovoitov
2020-03-17 9:55 ` Lorenz Bauer
2020-03-17 19:05 ` John Fastabend
2020-03-20 15:12 ` Lorenz Bauer
2020-04-07 3:08 ` Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CACAyw9_4wvOdE+enxxJPPTMXbfFmWfMo8qcaRtu6j0y4W=E9HQ@mail.gmail.com' \
--to=lmb@cloudflare.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=kernel-team@cloudflare.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.