Date: Thu, 11 May 2023 10:33:48 -0300
From: Marcelo Ricardo Leitner
To: Alexander Mikhalitsyn
Cc: nhorman@tuxdriver.com, davem@davemloft.net, Daniel Borkmann, Christian Brauner, Stanislav Fomichev, Xin Long, linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH net-next v3] sctp: add bpf_bypass_getsockopt proto callback
In-Reply-To: <20230511132506.379102-1-aleksandr.mikhalitsyn@canonical.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 11, 2023 at 03:25:06PM +0200, Alexander Mikhalitsyn wrote:
> Implement ->bpf_bypass_getsockopt proto callback and filter out
> SCTP_SOCKOPT_PEELOFF, SCTP_SOCKOPT_PEELOFF_FLAGS and SCTP_SOCKOPT_CONNECTX3
> socket options from running eBPF hook on them.
>
> SCTP_SOCKOPT_PEELOFF and SCTP_SOCKOPT_PEELOFF_FLAGS options do fd_install(),
> and if BPF_CGROUP_RUN_PROG_GETSOCKOPT hook returns an error after success of
> the original handler sctp_getsockopt(...), userspace will receive an error
> from getsockopt syscall and will not be aware that fd was successfully
> installed into a fdtable.
>
> As pointed out by Marcelo Ricardo Leitner it seems reasonable to skip
> bpf getsockopt hook for SCTP_SOCKOPT_CONNECTX3 sockopt too.
> Because internally, it triggers connect() and if error is masked
> then userspace will be confused.
>
> This patch was born as a result of discussion around a new SCM_PIDFD interface:
> https://lore.kernel.org/all/20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com/
>
> Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks")
> Cc: Daniel Borkmann
> Cc: Christian Brauner
> Cc: Stanislav Fomichev
> Cc: Neil Horman
> Cc: Marcelo Ricardo Leitner
> Cc: Xin Long
> Cc: linux-sctp@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: netdev@vger.kernel.org
> Suggested-by: Stanislav Fomichev
> Acked-by: Stanislav Fomichev
> Signed-off-by: Alexander Mikhalitsyn

Thx!

Acked-by: Marcelo Ricardo Leitner
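
The failure mode described in the quoted commit message, as a userspace model added here (not part of the thread, and not code from the patch or the kernel). The option ids, `struct model` and every function name are constructed for illustration; the model only assumes what the message states, namely that the hook runs after the handler has already succeeded.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
/* Constructed option ids for this model; not the kernel's SCTP values. */
enum { OPT_STATUS = 1, OPT_PEELOFF, OPT_PEELOFF_FLAGS, OPT_CONNECTX3 };

struct model {
	int open_fds;     /* descriptors installed in the toy fd table */
	bool hook_denies; /* attached hook turns a success into an error */
	bool use_bypass;  /* protocol provides the bypass predicate */
};

/* Options whose handler has side effects the hook cannot undo. */
static bool bypass_getsockopt(int optname)
{
	return optname == OPT_PEELOFF || optname == OPT_PEELOFF_FLAGS ||
	       optname == OPT_CONNECTX3;
}

/* Protocol handler: a peeloff installs a new fd before returning. */
static int proto_getsockopt(struct model *m, int optname, int *optval)
{
	bool peeloff = optname == OPT_PEELOFF || optname == OPT_PEELOFF_FLAGS;
	*optval = peeloff ? 3 + m->open_fds++ : 0;
	return 0;
}

/* Syscall path: handler first, then the hook unless the option is bypassed. */
static int model_getsockopt(struct model *m, int optname, int *optval)
{
	int ret = proto_getsockopt(m, optname, optval);
	if (m->use_bypass && bypass_getsockopt(optname))
		return ret;
	return m->hook_denies ? -EPERM : ret;
}

/* Descriptors installed by one call that reported failure to the caller. */
static int leaked_fds(bool use_bypass, int optname)
{
	struct model m = { 0, true, use_bypass };
	int optval = -1;
	return model_getsockopt(&m, optname, &optval) < 0 ? m.open_fds : 0;
}

int main(void)
{
	printf("leaked: %d without bypass, %d with\n", leaked_fds(false, OPT_PEELOFF), leaked_fds(true, OPT_PEELOFF));
	return 0;
}
```

Options without side effects still pass through the hook in this model, so the bypass narrows the hook's reach only for the three listed options.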