From: Aleksandr Mikhalitsyn
Date: Wed, 10 May 2023 16:55:37 +0200
Subject: Re: [PATCH net-next] sctp: add bpf_bypass_getsockopt proto callback
To: Marcelo Ricardo Leitner
Cc: nhorman@tuxdriver.com, davem@davemloft.net, Daniel Borkmann, Christian Brauner, Stanislav Fomichev, Xin Long, linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
References: <20230510131527.1244929-1-aleksandr.mikhalitsyn@canonical.com>

On Wed, May 10, 2023 at 4:39 PM Marcelo Ricardo Leitner wrote:
>
> On Wed, May 10, 2023 at 03:15:27PM +0200, Alexander Mikhalitsyn wrote:
> > Add bpf_bypass_getsockopt proto callback and filter out
> > SCTP_SOCKOPT_PEELOFF and SCTP_SOCKOPT_PEELOFF_FLAGS socket options
> > from running eBPF hook on them.
> >
> > These options do fd_install(), and if BPF_CGROUP_RUN_PROG_GETSOCKOPT
> > hook returns an error after success of the original handler
> > sctp_getsockopt(...), userspace will receive an error from getsockopt
> > syscall and will be not aware that fd was successfully installed into fdtable.
> >
> > This patch was born as a result of discussion around a new SCM_PIDFD interface:
> > https://lore.kernel.org/all/20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com/
>
> I read some of the emails in there but I don't get why the fd leak is
> special here. I mean, I get that it leaks, but masking the error
> return like this can lead to several other problems in the application
> as well.
>
> For example, SCTP_SOCKOPT_CONNECTX3 will trigger a connect(). If it
> failed, and the hook returns success, the user app will at least log a
> wrong "connection successful".
>
> If the hook can't be responsible for cleaning up before returning a
> different value, then maybe we want to extend the list of sockopts in
> here. AFAICT these would be the 3 most critical sockopts.
>

Dear Marcelo,

Thanks for pointing this out. Initially this problem was discovered by
Christian Brauner and for SO_PEERPIDFD (a new SOL_SOCKET option that
we want to add), after this I decided to check if we do fd_install in
any other socket options in the kernel and found that we have 2 cases
in SCTP. It was an accidental finding. :)

So, this patch isn't specific to fd_install things and probably we
should filter out bpf hook from being called for other socket options
as well.

So, I need to filter out SCTP_SOCKOPT_CONNECTX3 and
SCTP_SOCKOPT_PEELOFF* for SCTP, right?

Kind regards,
Alex
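
The ordering problem discussed in this thread, modelled in user space as an added example (not code from the patch, the kernel, or either participant): the handler's side effect happens first, then a hook may replace the return value. The `OPT_*` names, `struct task`, `struct result` and `do_getsockopt()` are hypothetical stand-ins, and the bypass set is the one proposed in the thread.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed stand-ins for the SCTP option names; not the kernel's UAPI values. */
enum { OPT_STATUS = 1, OPT_PEELOFF, OPT_PEELOFF_FLAGS, OPT_CONNECTX3 };

struct task { int open_fds; };              /* fdtable modelled as a counter */
struct result { int ret; int leaked_fds; }; /* what the caller sees vs. reality */

/* Models sctp_getsockopt(): side effects happen before any hook runs. */
static int handler(struct task *t, int optname, bool connect_fails)
{
    switch (optname) {
    case OPT_PEELOFF:
    case OPT_PEELOFF_FLAGS:
        t->open_fds++;                      /* fd_install(): cannot be undone */
        return 0;
    case OPT_CONNECTX3:
        return connect_fails ? -ECONNREFUSED : 0;
    default:
        return 0;
    }
}

/* Models the bpf_bypass_getsockopt callback with the options named in the thread. */
static bool bypass_getsockopt(int optname)
{
    return optname == OPT_PEELOFF || optname == OPT_PEELOFF_FLAGS ||
           optname == OPT_CONNECTX3;
}

/* Models the syscall path: handler first, then a hook that may replace the result. */
static struct result do_getsockopt(int optname, bool connect_fails,
                                   bool have_bypass, int hook_ret)
{
    struct task t = { 0 };
    int ret = handler(&t, optname, connect_fails);

    if (!(have_bypass && bypass_getsockopt(optname)))
        ret = hook_ret;                     /* hook overrides the handler's result */

    /* An fd installed while the caller is told "error" is a leak. */
    struct result r = { ret, ret < 0 ? t.open_fds : 0 };
    return r;
}
```

Calling `do_getsockopt(OPT_PEELOFF, false, false, -EPERM)` reproduces the leak from the commit message; `do_getsockopt(OPT_CONNECTX3, true, false, 0)` reproduces the masked connect failure Marcelo describes.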