Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3729241imm;
        Mon, 8 Oct 2018 08:36:48 -0700 (PDT)
X-Google-Smtp-Source: ACcGV60Fnqt3uSHyTZdiYkfTtkoJNvFBK8oLPUbPo95cvmdxr/fSQ/bYrPau5G1mPuu5GMIjtZ6h
X-Received: by 2002:a62:2a07:: with SMTP id q7-v6mr26035550pfq.103.1539013008810;
        Mon, 08 Oct 2018 08:36:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539013008; cv=none;
        d=google.com; s=arc-20160816;
        b=pdMVGo2KedInlSs3P8eXdPX6ubF+iM96Cxyrk4W4QdTfyMitStELZPjZiZDdYneZfk
         hpVW1kkFsAUiNLjMIaYyiw2zml1mM2sot8XR++L5RdItEAGFKvMeQBgz8AXqdxkmLjpW
         TBGQ5n4KCXJGUemYqFUAZfL9t5wp8XmlfLVFmXEr3D3V/mhfywwaAoaUjsR1bQ3brpcj
         jjxpVG50Aips5dqz/MxBTF6KurK1Xj65pVIM0lN+IHaQwIZkHWMplh2rukR1Xl9XlAQd
         CaqOWmpbW+Jvu/yeC1RSXCrlk8fYAp0FOTVI0JkaE77r5UZKGfQmU6tK2lmAMFu+5OMM
         x2RQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature;
        bh=1Paqt88DzYD81on66zAto1UU66RgkOoxaGZEzghPecA=;
        b=i1OjOquCAKI5BPcEeJf/54esfwDL/VlWDKxbnoUTR4z1x5CvRWNc4UBkueMKzOKMel
         v+vn9NZ0YCMtuGh6UbZQnqSNLsWl5rxXjH/gr7X5tgPp5/0IvaUXvNjlWg2aYRUKmHTw
         ee8R49CNpohMBA1AEXeWPVnL5nw+TkrBAFRCqS67k1lurlmp3m4gFgH4xtJa4DHvxqll
         NW3i+PtBlcg1g+SVTGxG8uzvs0uouJz7BkiE0ba1qYRVJCr+8lEVecbKw9eZ5m/1ySjA
         R3icW7b+LAeWSAghhDbZ2QYInQ6gYKB3rNjMpDJWkCnQP+3K3XnSGhDDzx6ItmOQTZrK
         hGUw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=JiS8ob5G;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d16-v6si18029495pfj.251.2018.10.08.08.36.33;
        Mon, 08 Oct 2018 08:36:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=JiS8ob5G;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727983AbeJHWi1 (ORCPT <rfc822;chauncqc@gmail.com> + 99 others);
        Mon, 8 Oct 2018 18:38:27 -0400
Received: from mail.kernel.org ([198.145.29.99]:56896 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727827AbeJHWiY (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Oct 2018 18:38:24 -0400
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 51523214DC;
        Mon,  8 Oct 2018 15:26:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1539012368;
        bh=QFK5ue3WEVMe74bdKKp4H+L5pyBnVmwh0zov7I4ceng=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=JiS8ob5Gk3hm5jgUWHjFjwgNEx544f14meGEeaQFdSFIe7VbVrZ4BwUi/J6l2GKSd
         8YwFo6sDYrrHTaJmTRVkKgwU1ED2Fk58IwSkJK3KUXgDMLNZMtsiDCDAhKoMG8iuHS
         n2fzwbPgE88RN5GPHE/5J23h/Gatqx2gi3pyZu/k=
From:   Sasha Levin <sashal@kernel.org>
To:     stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     John Fastabend <john.fastabend@gmail.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.18 44/58] bpf: sockmap only allow ESTABLISHED sock state
Date:   Mon,  8 Oct 2018 11:25:09 -0400
Message-Id: <20181008152523.70705-44-sashal@kernel.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181008152523.70705-1-sashal@kernel.org>
References: <20181008152523.70705-1-sashal@kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: John Fastabend <john.fastabend@gmail.com>

[ Upstream commit 5607fff303636d48b88414c6be353d9fed700af2 ]

After this patch we only allow socks that are in ESTABLISHED state or
are being added via a sock_ops event that is transitioning into an
ESTABLISHED state. By allowing sock_ops events we allow users to
manage sockmaps directly from sock ops programs. The two supported
sock_ops ops are BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB and
BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB.

Similar to TLS ULP this ensures sk_user_data is correct.

Reported-by: Eric Dumazet <edumazet@google.com>
Fixes: 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 kernel/bpf/sockmap.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
index ed707b21d152..0d829e71024b 100644
--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -2092,8 +2092,12 @@ static int sock_map_update_elem(struct bpf_map *map,
 		return -EINVAL;
 	}
 
+	/* ULPs are currently supported only for TCP sockets in ESTABLISHED
+	 * state.
+	 */
 	if (skops.sk->sk_type != SOCK_STREAM ||
-	    skops.sk->sk_protocol != IPPROTO_TCP) {
+	    skops.sk->sk_protocol != IPPROTO_TCP ||
+	    skops.sk->sk_state != TCP_ESTABLISHED) {
 		fput(socket->file);
 		return -EOPNOTSUPP;
 	}
@@ -2448,6 +2452,16 @@ static int sock_hash_update_elem(struct bpf_map *map,
 		return -EINVAL;
 	}
 
+	/* ULPs are currently supported only for TCP sockets in ESTABLISHED
+	 * state.
+	 */
+	if (skops.sk->sk_type != SOCK_STREAM ||
+	    skops.sk->sk_protocol != IPPROTO_TCP ||
+	    skops.sk->sk_state != TCP_ESTABLISHED) {
+		fput(socket->file);
+		return -EOPNOTSUPP;
+	}
+
 	lock_sock(skops.sk);
 	preempt_disable();
 	rcu_read_lock();
@@ -2536,10 +2550,22 @@ const struct bpf_map_ops sock_hash_ops = {
 	.map_release_uref = sock_map_release,
 };
 
+static bool bpf_is_valid_sock_op(struct bpf_sock_ops_kern *ops)
+{
+	return ops->op == BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB ||
+	       ops->op == BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB;
+}
 BPF_CALL_4(bpf_sock_map_update, struct bpf_sock_ops_kern *, bpf_sock,
 	   struct bpf_map *, map, void *, key, u64, flags)
 {
 	WARN_ON_ONCE(!rcu_read_lock_held());
+
+	/* ULPs are currently supported only for TCP sockets in ESTABLISHED
+	 * state. This checks that the sock ops triggering the update is
+	 * one indicating we are (or will be soon) in an ESTABLISHED state.
+	 */
+	if (!bpf_is_valid_sock_op(bpf_sock))
+		return -EOPNOTSUPP;
 	return sock_map_ctx_update_elem(bpf_sock, map, key, flags);
 }
 
@@ -2558,6 +2584,9 @@ BPF_CALL_4(bpf_sock_hash_update, struct bpf_sock_ops_kern *, bpf_sock,
 	   struct bpf_map *, map, void *, key, u64, flags)
 {
 	WARN_ON_ONCE(!rcu_read_lock_held());
+
+	if (!bpf_is_valid_sock_op(bpf_sock))
+		return -EOPNOTSUPP;
 	return sock_hash_ctx_update_elem(bpf_sock, map, key, flags);
 }
 
-- 
2.17.1