From: Xin Long
Date: Thu, 11 May 2023 10:20:57 -0400
Subject: Re: [PATCH net-next v3] sctp: add bpf_bypass_getsockopt proto callback
To: Marcelo Ricardo Leitner
Cc: Alexander Mikhalitsyn, nhorman@tuxdriver.com, davem@davemloft.net, Daniel Borkmann, Christian Brauner, Stanislav Fomichev, linux-sctp@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org
References: <20230511132506.379102-1-aleksandr.mikhalitsyn@canonical.com>

On Thu, May 11, 2023 at 9:33 AM Marcelo Ricardo Leitner wrote:
>
> On Thu, May 11, 2023 at 03:25:06PM +0200, Alexander Mikhalitsyn wrote:
> > Implement ->bpf_bypass_getsockopt proto callback and filter out
> > SCTP_SOCKOPT_PEELOFF, SCTP_SOCKOPT_PEELOFF_FLAGS and SCTP_SOCKOPT_CONNECTX3
> > socket options from running eBPF hook on them.
> >
> > SCTP_SOCKOPT_PEELOFF and SCTP_SOCKOPT_PEELOFF_FLAGS options do fd_install(),
> > and if BPF_CGROUP_RUN_PROG_GETSOCKOPT hook returns an error after success of
> > the original handler sctp_getsockopt(...), userspace will receive an error
> > from getsockopt syscall and will not be aware that fd was successfully
> > installed into a fdtable.
> >
> > As pointed out by Marcelo Ricardo Leitner it seems reasonable to skip
> > bpf getsockopt hook for SCTP_SOCKOPT_CONNECTX3 sockopt too.
> > Because internally, it triggers connect() and if error is masked
> > then userspace will be confused.
> >
> > This patch was born as a result of discussion around a new SCM_PIDFD interface:
> > https://lore.kernel.org/all/20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com/
> >
> > Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks")
> > Cc: Daniel Borkmann
> > Cc: Christian Brauner
> > Cc: Stanislav Fomichev
> > Cc: Neil Horman
> > Cc: Marcelo Ricardo Leitner
> > Cc: Xin Long
> > Cc: linux-sctp@vger.kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > Cc: netdev@vger.kernel.org
> > Suggested-by: Stanislav Fomichev
> > Acked-by: Stanislav Fomichev
> > Signed-off-by: Alexander Mikhalitsyn
>
> Thx!
>
> Acked-by: Marcelo Ricardo Leitner

Acked-by: Xin Long
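
The failure mode the commit message describes, as an added userspace model (not code from the patch or from the kernel): a getsockopt handler installs an fd, a hook that runs afterwards turns the result into an error, and the caller never learns the fd exists. All `model_*` names, `installed_fds` and `leaked_fds_after_peeloff` are hypothetical; the option constants are defined locally.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Option names from the commit message, defined locally for this model; SCTP_STATUS stands for an option with no side effect. */
enum { SOL_SCTP = 132, SCTP_STATUS = 14, SCTP_SOCKOPT_PEELOFF = 102,
       SCTP_SOCKOPT_CONNECTX3 = 111, SCTP_SOCKOPT_PEELOFF_FLAGS = 122 };

static int installed_fds;	/* stands in for the process fdtable */
/* Model of an attached getsockopt program that fails every call. */
static int model_bpf_hook(void) { return -EPERM; }

/* Model of the protocol handler: peeloff installs an fd as a side effect. */
static int model_sctp_getsockopt(int optname, int *optval)
{
	if (optname == SCTP_SOCKOPT_PEELOFF || optname == SCTP_SOCKOPT_PEELOFF_FLAGS)
		*optval = 100 + installed_fds++;	/* fd_install() analogue */
	return 0;
}

/* The filter the commit message describes: these options skip the hook. */
static bool model_bypass_getsockopt(int level, int optname)
{
	return level == SOL_SCTP && (optname == SCTP_SOCKOPT_PEELOFF ||
		optname == SCTP_SOCKOPT_PEELOFF_FLAGS || optname == SCTP_SOCKOPT_CONNECTX3);
}

/* Syscall path: the handler runs first, then the hook unless it is bypassed. */
static int model_getsockopt(int level, int optname, int *optval, bool patched)
{
	int ret = model_sctp_getsockopt(optname, optval);
	if (ret == 0 && !(patched && model_bypass_getsockopt(level, optname)))
		ret = model_bpf_hook();	/* may mask the handler's success */
	return ret;
}

/* Number of installed fds the caller never learned about after one peeloff. */
int leaked_fds_after_peeloff(bool patched)
{
	int fd = -1, ret;
	installed_fds = 0;
	ret = model_getsockopt(SOL_SCTP, SCTP_SOCKOPT_PEELOFF, &fd, patched);
	return installed_fds - (ret == 0 ? 1 : 0);
}

int main(void)
{
	printf("leaked fds: unpatched=%d patched=%d\n", leaked_fds_after_peeloff(false), leaked_fds_after_peeloff(true));
}
```

An option without side effects, such as the `SCTP_STATUS` stand-in here, still goes through the hook in the patched path, so the filter narrows hook coverage only for the three listed options.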