Received: by 2002:a05:6358:53a8:b0:117:f937:c515 with SMTP id z40csp1309559rwe; Fri, 14 Apr 2023 19:03:16 -0700 (PDT) X-Google-Smtp-Source: AKy350bGYaTJ8v6PFWkNQnKqBkt5SmMD4V7qo6Jei0MDK5vNbSQE07zidny0OojuAAKhSCdfDeHQ X-Received: by 2002:a05:6a00:cc2:b0:62d:bf69:e9e0 with SMTP id b2-20020a056a000cc200b0062dbf69e9e0mr15000575pfv.17.1681524195759; Fri, 14 Apr 2023 19:03:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681524195; cv=none; d=google.com; s=arc-20160816; b=QesmitObFGo6UfMwCiKLPrlxQAMMIZpjasifN0HqlZ1lhUWoAYZ7+wF7LVHcV4k3Rm I/5ij9osRLYJU09k8fFOsLordAKlplW09Hv7N6MXo2npM1gG8B7eq5pHrLsgk/A97u2X WmGJ6h/re6oQEmMT3vJaqf1kBq92V2vSo/S8covvkazLLUfEP3kO5odFCyLdPzkNEfun tpJtAiRHQPU0TcVKH7vHigwdtrbZ165TtxszOlF3ySu2N/MQA0RiYv5Xuh7YfB3G3llB AsZN3l1Z8oZOF9pw8yiJbt3/az67jYmTJK5StSfpfg2MYj2Ev+u0E6/vQt54sMyGx8ap MoOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:from:subject :message-id:references:mime-version:in-reply-to:date:dkim-signature; bh=wgg0kRJ3s4RNAMUV5romv+CLC/70n6mh2aOg/nYLnSo=; b=aTKvHjjbZqhNWXBRJZOC1DlmtCKcp2cEX2yZFvbmbHDEI4FDKXE4+IVZGb4HC388UI l6/C5THGdCCmyjGBhGRZxd/SRa51/ReT+o1YTgr/Wb03DBfIP2eLZLBCs0x8giVEPpLR YLxxUxF0dms47+Q1Mj3b5n4mZ1fEKZ2wXUYSnZ4fX2vh8nZw4GSRIqUtffupkPTwXCKf tpVEQ6ax0jSEADraTA24WnHS5SjwNNIity3F6JWqdP7U2KcQ80jshbrV/ZXvaHUvP75J 3nIAUMAtwokYV9lwTelrbQCw/Cy5zh1C8POI3jP0FWojC62CNBRcWPvqHanCvqDdNHU0 YhEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=LL3Uiq0a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a77-20020a621a50000000b005e06c0a9852si569827pfa.179.2023.04.14.19.02.37; Fri, 14 Apr 2023 19:03:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20221208 header.b=LL3Uiq0a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229878AbjDOBzp (ORCPT + 99 others); Fri, 14 Apr 2023 21:55:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229457AbjDOBzn (ORCPT ); Fri, 14 Apr 2023 21:55:43 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 00E934C0C for ; Fri, 14 Apr 2023 18:55:42 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id p5-20020a17090a428500b002400d8a8d1dso8998598pjg.7 for ; Fri, 14 Apr 2023 18:55:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681523741; x=1684115741; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=wgg0kRJ3s4RNAMUV5romv+CLC/70n6mh2aOg/nYLnSo=; b=LL3Uiq0aMFuWs5pOQABjTo2pDdSvJzIV26S0d1tlTc1KwOPzxxjJLPifBH+8GgN7Wq RUbePsbhn5MxmjmzRspLksuwKIh40zw2Q2KqlzTvTI3Zp3vnLOTu27NaX2IL+RuKrtGb ZlX8puvvxlmqZm76Lekxr8LNulJlU2AZ9f5cpQF3DWPUJB6T8U2iVOY7YkL1CuJXff3h D0CJ6qON1pffWZlnygSlyw8bQLlOOrbnMz1tJiTJSkK4Y3EdF2aRQVOdGye4cYVmfyEK EQ6+i1KIK9xvl/40puWq+/TnZ8AGwWtgaWRIJsrNfd5IuQJEu81YgeuBHIJqinei+sbL TqkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681523741; x=1684115741; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=wgg0kRJ3s4RNAMUV5romv+CLC/70n6mh2aOg/nYLnSo=; b=E4+TYSJyuzbIEFWPLTN35MKNJ2buabSdpJmOQe7l47GtB0NgAMn+yoeHW4Wmze1BKt 0qllwY2Id4TafuZyMWBzsG4xqGDCBRY3KHZis62ISFAwLezQvXA8fVYu2bpVuwSfKvAe OQs73UG+qoUYeytOJCZgkiblEx7OcYyUL/0UXmliecBx84lty2ttPBpIOYy9LUR6pN9N x2Vot2SnP31k+mzbaZmVUbFrecid9x4teQT3c61mmsZ5WEOm5rYr073bM7T+MeMd7ISN mB2t/ZYFWMxOF7FyH+5301vXg1orcs1/3e8jd0xVyuU7w63HtxHxUdvgX24dk4N4dMi7 M8VQ== X-Gm-Message-State: AAQBX9eUTW7PTh7nH1paOlspSI43OxuyCZW2rOALTndiCUmxxhZSrrqL WR/QWdSmTFHGP8hWJbPLLn+Tmqc= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a65:55cd:0:b0:514:3d3d:da5a with SMTP id k13-20020a6555cd000000b005143d3dda5amr1341981pgs.3.1681523741052; Fri, 14 Apr 2023 18:55:41 -0700 (PDT) Date: Fri, 14 Apr 2023 18:55:39 -0700 In-Reply-To: Mime-Version: 1.0 References: <20230413133355.350571-1-aleksandr.mikhalitsyn@canonical.com> <20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com> Message-ID: Subject: Re: [PATCH net-next v4 2/4] net: socket: add sockopts blacklist for BPF cgroup hook From: Stanislav Fomichev To: Aleksandr Mikhalitsyn Cc: Eric Dumazet , davem@davemloft.net, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, daniel@iogearbox.net, Jakub Kicinski , Paolo Abeni , Leon Romanovsky , David Ahern , Arnd Bergmann , Kees Cook , Christian Brauner , Kuniyuki Iwashima , Lennart Poettering , linux-arch@vger.kernel.org Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 04/13, Stanislav Fomichev wrote: > On Thu, Apr 13, 2023 at 7:38=E2=80=AFAM Aleksandr Mikhalitsyn > wrote: > > > > On Thu, Apr 13, 2023 at 4:22=E2=80=AFPM Eric Dumazet wrote: > > > > > > On Thu, Apr 13, 2023 at 3:35=E2=80=AFPM Alexander Mikhalitsyn > > > wrote: > > > > > > > > During work on SO_PEERPIDFD, it was discovered (thanks to Christian= ), > > > > that bpf cgroup hook can cause FD leaks when used with sockopts whi= ch > > > > install FDs into the process fdtable. > > > > > > > > After some offlist discussion it was proposed to add a blacklist of > > > > > > We try to replace this word by either denylist or blocklist, even in = changelogs. > > > > Hi Eric, > > > > Oh, I'm sorry about that. :( Sure. > > > > > > > > > socket options those can cause troubles when BPF cgroup hook is ena= bled. > > > > > > > > > > Can we find the appropriate Fixes: tag to help stable teams ? > > > > Sure, I will add next time. > > > > Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks") > > > > I think it's better to add Stanislav Fomichev to CC. >=20 > Can we use 'struct proto' bpf_bypass_getsockopt instead? We already > use it for tcp zerocopy, I'm assuming it should work in this case as > well? Jakub reminded me of the other things I wanted to ask here bug forgot: - setsockopt is probably not needed, right? setsockopt hook triggers before the kernel and shouldn't leak anything - for getsockopt, instead of bypassing bpf completely, should we instead ignore the error from the bpf program? that would still preserve the observability aspect - or maybe we can even have a per-proto bpf_getsockopt_cleanup call that gets called whenever bpf returns an error to make sure protocols have a chance to handle that condition (and free the fd) > > Kind regards, > > Alex > > > > > > > > > Cc: "David S. Miller" > > > > Cc: Eric Dumazet > > > > Cc: Jakub Kicinski > > > > Cc: Paolo Abeni > > > > Cc: Leon Romanovsky > > > > Cc: David Ahern > > > > Cc: Arnd Bergmann > > > > Cc: Kees Cook > > > > Cc: Christian Brauner > > > > Cc: Kuniyuki Iwashima > > > > Cc: Lennart Poettering > > > > Cc: linux-kernel@vger.kernel.org > > > > Cc: netdev@vger.kernel.org > > > > Cc: linux-arch@vger.kernel.org > > > > Suggested-by: Daniel Borkmann > > > > Suggested-by: Christian Brauner > > > > Signed-off-by: Alexander Mikhalitsyn > > > > > > Thanks.