Message ID | 20231012085216.219918-1-daan.j.demeyer@gmail.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | BPF |
Series | [bpf-next,v2] Only run BPF cgroup unix sockaddr recvmsg() hooks on named sockets |
From: Daan De Meyer <daan.j.demeyer@gmail.com> Date: Thu, 12 Oct 2023 10:52:13 +0200 > Changes since v1: > > * Added missing Signed-off-by tag You can put these after --- so that it will disappear when merged. > > We should not run the recvmsg() hooks on unnamed sockets as we do > not run them on unnamed sockets in the other hooks either. We may > look into relaxing this later but for now let's make sure we are > consistent and not run the hooks on unnamed sockets anywhere. > > Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> > --- > net/unix/af_unix.c | 14 ++++++++------ > 1 file changed, 8 insertions(+), 6 deletions(-) > > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > index e10d07c76044..81fb8bddaff9 100644 > --- a/net/unix/af_unix.c > +++ b/net/unix/af_unix.c > @@ -2416,9 +2416,10 @@ int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size, > if (msg->msg_name) { > unix_copy_addr(msg, skb->sk); How is an unnamed socket set to skb->sk ? > > - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > - msg->msg_name, > - &msg->msg_namelen); > + if (msg->msg_namelen > 0) > + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > + msg->msg_name, > + &msg->msg_namelen); > } > > if (size > skb->len - skip) > @@ -2773,9 +2774,10 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, > state->msg->msg_name); > unix_copy_addr(state->msg, skb->sk); > > - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > - state->msg->msg_name, > - &state->msg->msg_namelen); > + if (state->msg->msg_namelen > 0) > + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > + state->msg->msg_name, > + &state->msg->msg_namelen); > > sunaddr = NULL; > } > -- > 2.41.0 >
On 10/12/23 11:11 AM, Kuniyuki Iwashima wrote: > From: Daan De Meyer <daan.j.demeyer@gmail.com> > Date: Thu, 12 Oct 2023 10:52:13 +0200 >> Changes since v1: >> >> * Added missing Signed-off-by tag > > You can put these after --- so that it will disappear when merged. > > >> >> We should not run the recvmsg() hooks on unnamed sockets as we do >> not run them on unnamed sockets in the other hooks either. We may >> look into relaxing this later but for now let's make sure we are >> consistent and not run the hooks on unnamed sockets anywhere. >> >> Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> >> --- >> net/unix/af_unix.c | 14 ++++++++------ >> 1 file changed, 8 insertions(+), 6 deletions(-) >> >> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c >> index e10d07c76044..81fb8bddaff9 100644 >> --- a/net/unix/af_unix.c >> +++ b/net/unix/af_unix.c >> @@ -2416,9 +2416,10 @@ int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size, >> if (msg->msg_name) { >> unix_copy_addr(msg, skb->sk); > > How is an unnamed socket set to skb->sk ? I had a similar question. Most likely socketpair? Please add an explanation in the commit message in v3. Please also help to add a selftest for this case. > > >> >> - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, >> - msg->msg_name, >> - &msg->msg_namelen); >> + if (msg->msg_namelen > 0) >> + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, >> + msg->msg_name, >> + &msg->msg_namelen); >> } >> >> if (size > skb->len - skip) >> @@ -2773,9 +2774,10 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, >> state->msg->msg_name); >> unix_copy_addr(state->msg, skb->sk); >> >> - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, >> - state->msg->msg_name, >> - &state->msg->msg_namelen); >> + if (state->msg->msg_namelen > 0) >> + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, >> + state->msg->msg_name, >> + &state->msg->msg_namelen); >> >> sunaddr = NULL; >> } >> -- >> 2.41.0 >>
From: Martin KaFai Lau <martin.lau@linux.dev> Date: Mon, 16 Oct 2023 11:33:36 -0700 > On 10/12/23 11:11 AM, Kuniyuki Iwashima wrote: > > From: Daan De Meyer <daan.j.demeyer@gmail.com> > > Date: Thu, 12 Oct 2023 10:52:13 +0200 > >> Changes since v1: > >> > >> * Added missing Signed-off-by tag > > > > You can put these after --- so that it will disappear when merged. > > > > > >> > >> We should not run the recvmsg() hooks on unnamed sockets as we do > >> not run them on unnamed sockets in the other hooks either. We may > >> look into relaxing this later but for now let's make sure we are > >> consistent and not run the hooks on unnamed sockets anywhere. > >> > >> Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> > >> --- > >> net/unix/af_unix.c | 14 ++++++++------ > >> 1 file changed, 8 insertions(+), 6 deletions(-) > >> > >> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > >> index e10d07c76044..81fb8bddaff9 100644 > >> --- a/net/unix/af_unix.c > >> +++ b/net/unix/af_unix.c > >> @@ -2416,9 +2416,10 @@ int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size, > >> if (msg->msg_name) { > >> unix_copy_addr(msg, skb->sk); > > > > How is an unnamed socket set to skb->sk ? > > I had a similar question. Most likely socketpair? Please add an explanation in > the commit message in v3. Please also help to add a selftest for this case. Ah exactly, socketpair() for SOCK_STREAM does it. > > > > > > >> > >> - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > >> - msg->msg_name, > >> - &msg->msg_namelen); > >> + if (msg->msg_namelen > 0) > >> + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > >> + msg->msg_name, > >> + &msg->msg_namelen); > >> } > >> > >> if (size > skb->len - skip) 
> >> @@ -2773,9 +2774,10 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, > >> state->msg->msg_name); > >> unix_copy_addr(state->msg, skb->sk); > >> > >> - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > >> - state->msg->msg_name, > >> - &state->msg->msg_namelen); > >> + if (state->msg->msg_namelen > 0) > >> + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, > >> + state->msg->msg_name, > >> + &state->msg->msg_namelen); > >> > >> sunaddr = NULL; > >> } > >> -- > >> 2.41.0
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index e10d07c76044..81fb8bddaff9 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2416,9 +2416,10 @@ int __unix_dgram_recvmsg(struct sock *sk, struct msghdr *msg, size_t size, if (msg->msg_name) { unix_copy_addr(msg, skb->sk); - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, - msg->msg_name, - &msg->msg_namelen); + if (msg->msg_namelen > 0) + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, + msg->msg_name, + &msg->msg_namelen); } if (size > skb->len - skip) @@ -2773,9 +2774,10 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, state->msg->msg_name); unix_copy_addr(state->msg, skb->sk); - BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, - state->msg->msg_name, - &state->msg->msg_namelen); + if (state->msg->msg_namelen > 0) + BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK(sk, + state->msg->msg_name, + &state->msg->msg_namelen); sunaddr = NULL; }
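Review bot: In the __unix_dgram_recvmsg() hunk, the new `if (msg->msg_namelen > 0)` test gives no hint that a zero length is being used to mean "the sender is unnamed". A one-line comment above it saying so, and naming socketpair() as the way such a sender arises (as asked in the thread), would save the next reader a trip into unix_copy_addr(). Since the guarded call now spans three lines, braces around it would also make the extent of the `if` body obvious.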
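Review bot: In the unix_stream_read_generic() hunk, the `state->msg->msg_namelen > 0` guard repeats the one added in __unix_dgram_recvmsg(), so the two call sites can drift apart. Consider keeping the length check in one place, for example a small static inline wrapper around BPF_CGROUP_RUN_PROG_UNIX_RECVMSG_LOCK that both receive paths call. The diffstat lists only net/unix/af_unix.c, so a selftest that does a socketpair() SOCK_STREAM receive with msg_name set would still need to come with v3.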
Changes since v1:

* Added missing Signed-off-by tag

We should not run the recvmsg() hooks on unnamed sockets as we do
not run them on unnamed sockets in the other hooks either. We may
look into relaxing this later but for now let's make sure we are
consistent and not run the hooks on unnamed sockets anywhere.

Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
---
 net/unix/af_unix.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--
2.41.0
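The named/unnamed distinction the thread settles on, as an added userspace example (not part of the patch or of any message in the thread): a sender created by socketpair() has no bound address, so recvmsg() reports msg_namelen == 0, while a sender that called bind() yields a non-zero length. The function names and the abstract socket names are made up for this illustration, and Linux is assumed.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Receive one message; return the msg_namelen the kernel filled in. */
static int recv_namelen(int fd)
{
    struct sockaddr_un from;
    char buf[8];
    struct iovec iov = { .iov_base = buf, .iov_len = sizeof(buf) };
    struct msghdr msg = { .msg_name = &from, .msg_namelen = sizeof(from),
                          .msg_iov = &iov, .msg_iovlen = 1 };
    return recvmsg(fd, &msg, 0) < 0 ? -1 : (int)msg.msg_namelen;
}

/* Unnamed sender: neither end of a socketpair() is ever bound. */
int unnamed_sender_namelen(int type)
{
    int sv[2] = { -1, -1 }, n = -1;
    if (socketpair(AF_UNIX, type, 0, sv) == 0 && write(sv[0], "x", 1) == 1)
        n = recv_namelen(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return n;
}

/* Named sender: datagram sockets bound to constructed abstract names. */
int named_sender_namelen(void)
{
    struct sockaddr_un ra = { .sun_family = AF_UNIX }, sa = ra;
    int rx = socket(AF_UNIX, SOCK_DGRAM, 0), tx = socket(AF_UNIX, SOCK_DGRAM, 0);
    int n = -1;
    /* sun_path[0] stays '\0' (abstract namespace); the pid keeps names unique */
    snprintf(ra.sun_path + 1, sizeof(ra.sun_path) - 1, "demo-rx-%d", (int)getpid());
    snprintf(sa.sun_path + 1, sizeof(sa.sun_path) - 1, "demo-tx-%d", (int)getpid());
    if (rx >= 0 && tx >= 0 && bind(rx, (struct sockaddr *)&ra, sizeof(ra)) == 0 &&
        bind(tx, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        sendto(tx, "x", 1, 0, (struct sockaddr *)&ra, sizeof(ra)) == 1)
        n = recv_namelen(rx);
    close(rx);
    close(tx);
    return n;
}

int main(void)
{
    printf("stream=%d dgram=%d named=%d\n", unnamed_sender_namelen(SOCK_STREAM),
           unnamed_sender_namelen(SOCK_DGRAM), named_sender_namelen());
    return 0;
}
```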