From patchwork Tue Apr 18 22:53:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 13216210 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1389DC77B76 for ; Tue, 18 Apr 2023 22:53:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230070AbjDRWxt (ORCPT ); Tue, 18 Apr 2023 18:53:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39652 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229526AbjDRWxs (ORCPT ); Tue, 18 Apr 2023 18:53:48 -0400 Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62DB92D62 for ; Tue, 18 Apr 2023 15:53:47 -0700 (PDT) Received: by mail-pl1-x649.google.com with SMTP id d9443c01a7336-1a69a078eefso11175475ad.2 for ; Tue, 18 Apr 2023 15:53:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681858427; x=1684450427; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=C6n8HUKJS4l45R+zU2zt1qNsJUjLjbYoUfgWsoXx1DY=; b=ncxA9ElCCEkIqcg6o1TtUMeMTEaXejApjUfQPjzbYAlmY4Y/kJrfdpl5oxaBidcI2i xn1iuJDMhgOsPIqU+GP9HwcWTxZ+hZoU4UONGdb21HqrDkx19LPOltdM67OTc98pzgev 03yS72TdxRoI7PUHEZSkl1n5NTEbk0O2rPXYjLATeV1hxYY63wjDSYSapq0s6FWsLrzc ZL9v6cUWjdRJ8IDkmtmSg5ZVQ37J6M62Yd1c7ZWcKxOTy8s9QnxLaIowYSnPopGj2uZ5 ntnPcxct+fw62gEvJW7YA2GzfJDeAnXuI4+zAagPat/u97jOimCeHfgBkr3RSW5DWAgO 5Tyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681858427; x=1684450427; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=C6n8HUKJS4l45R+zU2zt1qNsJUjLjbYoUfgWsoXx1DY=; b=U9jaGqp5yosmZimhJS4S6+KuhEyuCYlXnx+2S2ZLUP7sgRU4QzGgYwiEG31alMUHhG /tk+gA3PExHHUP1dWtGn6Z3N/nFrtzuB05+pegJYoiCZjK8dTkfkv/gFvfa32zU7sXu+ KetQeSLdQldgym+a7lVvQKwFuthsIJCgS2vZJ6JigDfEMFWXt7hNXMXJOzRRGlIjVhCv SNDcj4/NmkUICxtgNyOr37UY0EnQlPl8nZpc6gC4tNy1dPLt90nx56LbVDXv1OwWMVAE vD6rBwhj8sSkVNRKgsXuiNdJpWGfseDsSRsfnLPJl4J7NiUFZ+VLUlhTvBxqUYigSzQ0 JicA== X-Gm-Message-State: AAQBX9d3nA936Xoj6yMlWcC5F6E79NepG/6wVbl3cQjdL1AXYIsp4VAn zQ+maYTOhQ7q18GL3KqA89KAWtIbszsjWiOxqNjui3pRF7I6eJDJlaWTRbz3HAKOTXihIb2+aWF 552u+hQjrfeCU4elrbED6GfddilaEm6HXB+ng2e4HRfB1cYMeNA== X-Google-Smtp-Source: AKy350a8oO24AEnseSUmxh1/7s1gvf9F5BoyRb9H92io83X7LaOf2dUqFJ7YcwU9BCebTyYh/TLUfOo= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a17:902:d4ce:b0:1a6:b0d3:57f4 with SMTP id o14-20020a170902d4ce00b001a6b0d357f4mr1442243plg.1.1681858426800; Tue, 18 Apr 2023 15:53:46 -0700 (PDT) Date: Tue, 18 Apr 2023 15:53:38 -0700 In-Reply-To: <20230418225343.553806-1-sdf@google.com> Mime-Version: 1.0 References: <20230418225343.553806-1-sdf@google.com> X-Mailer: git-send-email 2.40.0.634.g4ca3ef3211-goog Message-ID: <20230418225343.553806-2-sdf@google.com> Subject: [PATCH bpf-next 1/6] bpf: Don't EFAULT for getsockopt with optval=NULL From: Stanislav Fomichev To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, Martin KaFai Lau Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Some socket options do getsockopt with optval=NULL to estimate the size of the final buffer (which is returned via optlen). This breaks BPF getsockopt assumptions about permitted optval buffer size. Let's enforce these assumptions only when non-NULL optval is provided. Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks") Reported-by: Martin KaFai Lau Link: https://lore.kernel.org/bpf/ZD7Js4fj5YyI2oLd@google.com/T/#mb68daf700f87a9244a15d01d00c3f0e5b08f49f7 Signed-off-by: Stanislav Fomichev --- kernel/bpf/cgroup.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index 53edb8ad2471..a06e118a9be5 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -1921,14 +1921,17 @@ int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level, if (ret < 0) goto out; - if (ctx.optlen > max_optlen || ctx.optlen < 0) { + if (optval && (ctx.optlen > max_optlen || ctx.optlen < 0)) { ret = -EFAULT; goto out; } if (ctx.optlen != 0) { - if (copy_to_user(optval, ctx.optval, ctx.optlen) || - put_user(ctx.optlen, optlen)) { + if (optval && copy_to_user(optval, ctx.optval, ctx.optlen)) { + ret = -EFAULT; + goto out; + } + if (put_user(ctx.optlen, optlen)) { ret = -EFAULT; goto out; } From patchwork Tue Apr 18 22:53:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 13216211 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3953FC77B75 for ; Tue, 18 Apr 2023 22:53:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230120AbjDRWxv (ORCPT ); Tue, 18 Apr 2023 18:53:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39676 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229526AbjDRWxu (ORCPT ); Tue, 18 Apr 2023 18:53:50 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3FEAA2D42 for ; Tue, 18 Apr 2023 15:53:49 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id d2e1a72fcca58-63d30b08700so6402196b3a.1 for ; Tue, 18 Apr 2023 15:53:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681858429; x=1684450429; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=tHYD7Ii0uZ8iFkhB8mefjINCBY9zbBE8vUmPjDpaYGQ=; b=uuPcKJi53bn/XlLiyQbOPELMWsFEYWSpo849IpvL4Jph8+X8vOCRFVjLM/pj6OxjiF Co9yVsPjxTuKMG30Xo3R7iVtGjwida0HOeWhvW5czdFjNYw5zo+s5e+4U5LraYx8vPJH r9nLgjGGC5Z9mY5+zOGKMmpEuqA5Mq86SfQyeVDBsK1pwBh5JipBglQGgKZdj2Jo6Jug Zcz19Lp4tanaOlNy8Ri8CbqGDvfpHyPWhFxuhigzu2cheSZVfmIxN6MG+C30c7U08dGX hJIUwT/tDvT5tnScR8wx3CynS0chqnUedIgdhZHoJ1jSORLeiq1fz0/7pdEK3/Rg4vZQ nGhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681858429; x=1684450429; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=tHYD7Ii0uZ8iFkhB8mefjINCBY9zbBE8vUmPjDpaYGQ=; b=bG0413WmWplcIhylRXBtbRyx3JxRIAn1YDGU8Apkmb0JMo7UFOfJ6WH3N5bvVrc/hm NjJ29JK2cVuuDzwe650PXjqCmC/gPV3tuw9toQg5iJpC53V0JFFjvZAy9kt5bbMz2tYL n7L+/lRZsYPZEU4v7pNAkdxwvv2+N03Tbx3p1GXFbDUeY6bQ5GGIuKe9rorA9HhufW9B mtTNL+uIz97ue3KZ99LABEOOBE4yEIYWBKjWmqTYL1gEX8qQSyLgnQOWRnCT4v2gzGE2 LkC16cjTT/K8uq9CYpqcH836w4h/zx0VnkWI8rpVWeUpYo1+Pf2TKGHZ1Lez5xhlq2p0 pTig== X-Gm-Message-State: AAQBX9dYbtRk9vKVUR9KbGS0xxSgttaNFwN1qduPYM72exaVe2hRr3dL 46CRwRapY+J9q4lXeuEUcRB3KQV6hX3zKwr9J08oflSvsqLsfESvj2d3x9lwfh1LUd5fXIuXrYD S+u8tw8ns7YsKjmU32uuQuNb0oargD+Ch+pYVJW5eafG51cM0OA== X-Google-Smtp-Source: AKy350aT9o2xfqrmUv2SWQ8JU0Ui9wIqWbUxcSiHvfZX/QJBIOUbt0QgaPeH/cx0M5J/3m2pR2GRrCQ= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a17:90a:4e48:b0:247:1e13:90e6 with SMTP id t8-20020a17090a4e4800b002471e1390e6mr105328pjl.2.1681858428635; Tue, 18 Apr 2023 15:53:48 -0700 (PDT) Date: Tue, 18 Apr 2023 15:53:39 -0700 In-Reply-To: <20230418225343.553806-1-sdf@google.com> Mime-Version: 1.0 References: <20230418225343.553806-1-sdf@google.com> X-Mailer: git-send-email 2.40.0.634.g4ca3ef3211-goog Message-ID: <20230418225343.553806-3-sdf@google.com> Subject: [PATCH bpf-next 2/6] selftests/bpf: Verify optval=NULL case From: Stanislav Fomichev To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Make sure we get optlen exported instead of getting EFAULT. Signed-off-by: Stanislav Fomichev --- .../selftests/bpf/prog_tests/sockopt_sk.c | 28 +++++++++++++++++++ .../testing/selftests/bpf/progs/sockopt_sk.c | 12 ++++++++ 2 files changed, 40 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/sockopt_sk.c b/tools/testing/selftests/bpf/prog_tests/sockopt_sk.c index 60d952719d27..4512dd808c33 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockopt_sk.c +++ b/tools/testing/selftests/bpf/prog_tests/sockopt_sk.c @@ -3,6 +3,7 @@ #include "cgroup_helpers.h" #include +#include #include "sockopt_sk.skel.h" #ifndef SOL_TCP @@ -183,6 +184,33 @@ static int getsetsockopt(void) goto err; } + /* optval=NULL case is handled correctly */ + + close(fd); + fd = socket(AF_NETLINK, SOCK_RAW, 0); + if (fd < 0) { + log_err("Failed to create AF_NETLINK socket"); + return -1; + } + + buf.u32 = 1; + optlen = sizeof(__u32); + err = setsockopt(fd, SOL_NETLINK, NETLINK_ADD_MEMBERSHIP, &buf, optlen); + if (err) { + log_err("Unexpected getsockopt(NETLINK_ADD_MEMBERSHIP) err=%d errno=%d", + err, errno); + goto err; + } + + optlen = 0; + err = getsockopt(fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, NULL, &optlen); + if (err) { + log_err("Unexpected getsockopt(NETLINK_LIST_MEMBERSHIPS) err=%d errno=%d", + err, errno); + goto err; + } + ASSERT_EQ(optlen, 4, "Unexpected NETLINK_LIST_MEMBERSHIPS value"); + free(big_buf); close(fd); return 0; diff --git a/tools/testing/selftests/bpf/progs/sockopt_sk.c b/tools/testing/selftests/bpf/progs/sockopt_sk.c index c8d810010a94..fe1df4cd206e 100644 --- a/tools/testing/selftests/bpf/progs/sockopt_sk.c +++ b/tools/testing/selftests/bpf/progs/sockopt_sk.c @@ -32,6 +32,12 @@ int _getsockopt(struct bpf_sockopt *ctx) __u8 *optval_end = ctx->optval_end; __u8 *optval = ctx->optval; struct sockopt_sk *storage; + struct bpf_sock *sk; + + /* Bypass AF_NETLINK. */ + sk = ctx->sk; + if (sk && sk->family == AF_NETLINK) + return 1; /* Make sure bpf_get_netns_cookie is callable. */ @@ -131,6 +137,12 @@ int _setsockopt(struct bpf_sockopt *ctx) __u8 *optval_end = ctx->optval_end; __u8 *optval = ctx->optval; struct sockopt_sk *storage; + struct bpf_sock *sk; + + /* Bypass AF_NETLINK. */ + sk = ctx->sk; + if (sk && sk->family == AF_NETLINK) + return 1; /* Make sure bpf_get_netns_cookie is callable. */ From patchwork Tue Apr 18 22:53:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 13216212 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5770C6FD18 for ; Tue, 18 Apr 2023 22:53:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230158AbjDRWxx (ORCPT ); Tue, 18 Apr 2023 18:53:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39704 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229526AbjDRWxw (ORCPT ); Tue, 18 Apr 2023 18:53:52 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 18CA349C6 for ; Tue, 18 Apr 2023 15:53:51 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id 41be03b00d2f7-51b121871ecso1367536a12.3 for ; Tue, 18 Apr 2023 15:53:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681858430; x=1684450430; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=kpnHjZxuddE6H3TcHpUie3NL1Iwb3twryCOTZMDA77E=; b=m2h3J7X4hHWS2rH6bUuI69mG0jY4t56iAviiKN9oZN9Cq6aFTYkjJ4c5nNMbpbR56B 7hLZwRmsPHE7t6nnyYzJaJJSCkOma2LQ4gCkB+R35/2tldcogQdIi8EzqeuVYcU7KyHk OIpSN3Awa5Qm/c+nUrFZWzNHt+gFv8CFMBUSTl+O1MW80XPosXdZkT2kNRlpZH3UH2AO kf3q90PDQniRjSXSldqGmTeU3bOvn8nVjg5I3m/wnmuYOgGTK99aJWNgvZOnFyWe8dZ+ pSKQTJu/6ZhTB7zMVU+XqkZ67EX26T3lYGwEpgHO7DRcBAbieCPU732RkK9xIhzdDnBS i5Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681858430; x=1684450430; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=kpnHjZxuddE6H3TcHpUie3NL1Iwb3twryCOTZMDA77E=; b=BRBpXoCxrXKXKh345zLYUwG5MHPcynSF9f4yRS+XUEpxVftGu64OGIq3+81a7E2B8S mEseTHIefYloYoOy8g1OkIPukAUMt3TXIGxGJdCjjzIo50XJU6rV1LbibquVMUw9bMZ7 Fy3+9c7ybm8vNAz5YV4tXadEH6fwAGVXzDGsYdazheg1S7llJgPKofSxIY/yb1UpscFo ci1tUDkF+3wuwgXm45owoKfYIMzVuFyc9bfmB5mi91GH+paftceiZwF6wgglvbspT1BK cn6CDlys7ZTnf5jns/0/YibkkZbs3yYWiBxaykVwMOmnj7P72g2gj6dstlpUiJaZeO0Q 9X4g== X-Gm-Message-State: AAQBX9fR6wd6stmgrmY4XpWuv6BIezVUlZcCzb/gicyH8xd3LRTQLo1y En74fEWCrYh0+FyRLeejyXC0eP5jDsAkJD9wKoe0BpwaYCCDJbJ3TC4Bmeg+WdOFjnnSNpdqqWA LSIEh3qKOC0X+6KHDxeoElOkk0l/I7RNaicovzJNhS7o1/nfmGg== X-Google-Smtp-Source: AKy350YrwVuGMKpOCq7f1X46khuH3WfonVSTEAP+riGAPbBpFJlNNSzUKdZToTN+NBlU3wSq/6DAs1A= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a65:6645:0:b0:513:c7d:6ed3 with SMTP id z5-20020a656645000000b005130c7d6ed3mr1067751pgv.4.1681858430416; Tue, 18 Apr 2023 15:53:50 -0700 (PDT) Date: Tue, 18 Apr 2023 15:53:40 -0700 In-Reply-To: <20230418225343.553806-1-sdf@google.com> Mime-Version: 1.0 References: <20230418225343.553806-1-sdf@google.com> X-Mailer: git-send-email 2.40.0.634.g4ca3ef3211-goog Message-ID: <20230418225343.553806-4-sdf@google.com> Subject: [PATCH bpf-next 3/6] bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen From: Stanislav Fomichev To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, Martin KaFai Lau Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Over time, we've found out several special socket option cases which need special treatment. And if BPF program doesn't handle them correctly, this might EFAULT perfectly valid {g,s}setsockopt calls. The intention of the EFAULT was to make it apparent to the developers that the program is doing something wrong. However, this inadvertently might affect production workloads with the BPF programs that are not too careful. Let's try to minimize the chance of BPF program screwing up userspace by ignoring the output of those BPF programs (instead of returning EFAULT to the userspace). pr_info_ratelimited those cases to the dmesg to help with figuring out what's going wrong. Fixes: 0d01da6afc54 ("bpf: implement getsockopt and setsockopt hooks") Suggested-by: Martin KaFai Lau Signed-off-by: Stanislav Fomichev --- kernel/bpf/cgroup.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index a06e118a9be5..af4d20864fb4 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -1826,7 +1826,9 @@ int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level, ret = 1; } else if (ctx.optlen > max_optlen || ctx.optlen < -1) { /* optlen is out of bounds */ - ret = -EFAULT; + pr_info_ratelimited( + "bpf setsockopt returned unexpected optlen=%d (max_optlen=%d)\n", + ctx.optlen, max_optlen); } else { /* optlen within bounds, run kernel handler */ ret = 0; @@ -1922,7 +1924,9 @@ int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level, goto out; if (optval && (ctx.optlen > max_optlen || ctx.optlen < 0)) { - ret = -EFAULT; + pr_info_ratelimited( + "bpf getsockopt returned unexpected optlen=%d (max_optlen=%d)\n", + ctx.optlen, max_optlen); goto out; } From patchwork Tue Apr 18 22:53:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 13216213 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00EBBC77B75 for ; Tue, 18 Apr 2023 22:53:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230305AbjDRWxz (ORCPT ); Tue, 18 Apr 2023 18:53:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230149AbjDRWxy (ORCPT ); Tue, 18 Apr 2023 18:53:54 -0400 Received: from mail-pf1-x449.google.com (mail-pf1-x449.google.com [IPv6:2607:f8b0:4864:20::449]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2327A49C6 for ; Tue, 18 Apr 2023 15:53:53 -0700 (PDT) Received: by mail-pf1-x449.google.com with SMTP id d2e1a72fcca58-63b57ad54a1so1635435b3a.3 for ; Tue, 18 Apr 2023 15:53:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681858432; x=1684450432; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=dcTzD+ou3EW7Lw9ylc6tvLwQ/+is1njQ+SAvZ8e1ozo=; b=F2uJTlUKBR39aPuUDPULObflN/ETYnupGXMJppPvECdpzp8t6aOEPDBfxWXggxCf+6 eOpVm+dBdrQemWmApwt3cmz1TVPiFkJHmznBzSofeIZHXcustFWHg6ZvrRbjSjjExYWi KTCs9hluDJl5i0xh9ADx8zJHvpqkGWY7DdkgFrbOEMBjBNoMaPJDWcI8IYUQLZcWY37h vZWobjMRkXLtvc2pu2Mt/IHfWAX+qwpmT59Rm/qnlONoADBFAp9v09J33ya11fWOwtgj TtJipGvvml3y+jz6ZuzyRIIbr3rUFVNVF9GEKNRcBc5pxdtvOBrlNfn2NwyOvydfuS6u AqPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681858432; x=1684450432; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dcTzD+ou3EW7Lw9ylc6tvLwQ/+is1njQ+SAvZ8e1ozo=; b=lCKjnHM4WFJYrUqgrPZ52l/YtjZ6b/87WojmjYPlocWRgFbGqJzwUBVw66wrj519zg e74LnsjTri3IAbVhpvXXqda1Lh1wiIEYK4Ro4MJXI70FVTXgvqLYtwifvZrmoioq1Jn5 Vt4T2AxVSDQhDlBv8EDPR55Ypkco0Q3rL+9Tb1y4fptQUpVRNw/OgT5Y1pAEc0L8w1F7 rkjjI9700N1+uxgbyjUP6pD2ehG0Goz09k7vigOlEuygFiApADdC0TDjsjQkKKkKMrpA +X3xHilY1cjAmqo6dv75PHOYKrL3UYtLYAxRrJpOFkdzE1RN8RZ1s7ZgRSSu8YLwyMYt aYnw== X-Gm-Message-State: AAQBX9f2RadRigTfKKaRSREEX96X3T0o9F7fqP9tKvhbBGMtQGlVgZsy FQ6FyhKQ/Hflxqrp7tjyYCBuq3lTIe+pXCUtmom5dICziXa9D7aTEmkGrP/DO8WX9S82nNqkKpp lIX3VdPLh0d13B22tEY+dGMq9HYg1uiXgmj59dYOx+oNIxapyJw== X-Google-Smtp-Source: AKy350ZNbox8LqIixuIUWYtDLr22Ez3Ycon5DyEyqHfaI9Y+A3StCGkMNuzc6LqZHQqmmsXHk5R+mSs= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a05:6a00:1782:b0:63d:2cff:bfad with SMTP id s2-20020a056a00178200b0063d2cffbfadmr685270pfg.6.1681858432354; Tue, 18 Apr 2023 15:53:52 -0700 (PDT) Date: Tue, 18 Apr 2023 15:53:41 -0700 In-Reply-To: <20230418225343.553806-1-sdf@google.com> Mime-Version: 1.0 References: <20230418225343.553806-1-sdf@google.com> X-Mailer: git-send-email 2.40.0.634.g4ca3ef3211-goog Message-ID: <20230418225343.553806-5-sdf@google.com> Subject: [PATCH bpf-next 4/6] selftests/bpf: Update EFAULT {g,s}etsockopt selftests From: Stanislav Fomichev To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Instead of assuming EFAULT, let's assume the BPF program's output is ignored. Remove "getsockopt: deny arbitrary ctx->retval" because it was actually testing optlen. We have separate set of tests for retval. Signed-off-by: Stanislav Fomichev --- .../selftests/bpf/prog_tests/sockopt.c | 42 ++++++------------- 1 file changed, 13 insertions(+), 29 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sockopt.c b/tools/testing/selftests/bpf/prog_tests/sockopt.c index aa4debf62fc6..bff7d91d1e1d 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockopt.c +++ b/tools/testing/selftests/bpf/prog_tests/sockopt.c @@ -249,7 +249,7 @@ static struct sockopt_test { .get_optlen = 64, }, { - .descr = "getsockopt: deny bigger ctx->optlen", + .descr = "getsockopt: ignore bigger ctx->optlen", .insns = { /* ctx->optlen = 65 */ BPF_MOV64_IMM(BPF_REG_0, 65), @@ -268,28 +268,10 @@ static struct sockopt_test { .attach_type = BPF_CGROUP_GETSOCKOPT, .expected_attach_type = BPF_CGROUP_GETSOCKOPT, - .get_optlen = 64, - - .error = EFAULT_GETSOCKOPT, - }, - { - .descr = "getsockopt: deny arbitrary ctx->retval", - .insns = { - /* ctx->retval = 123 */ - BPF_MOV64_IMM(BPF_REG_0, 123), - BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, - offsetof(struct bpf_sockopt, retval)), - - /* return 1 */ - BPF_MOV64_IMM(BPF_REG_0, 1), - BPF_EXIT_INSN(), - }, - .attach_type = BPF_CGROUP_GETSOCKOPT, - .expected_attach_type = BPF_CGROUP_GETSOCKOPT, - - .get_optlen = 64, - - .error = EFAULT_GETSOCKOPT, + .get_level = SOL_IP, + .get_optname = IP_TOS, + .get_optval = {}, + .get_optlen = 4, }, { .descr = "getsockopt: support smaller ctx->optlen", @@ -627,9 +609,10 @@ static struct sockopt_test { .attach_type = BPF_CGROUP_SETSOCKOPT, .expected_attach_type = BPF_CGROUP_SETSOCKOPT, - .set_optlen = 4, - - .error = EFAULT_SETSOCKOPT, + .set_level = SOL_IP, + .set_optname = IP_TOS, + .set_optval = { 1 << 3 }, + .set_optlen = 1, }, { .descr = "setsockopt: deny ctx->optlen > input optlen", @@ -644,9 +627,10 @@ static struct sockopt_test { .attach_type = BPF_CGROUP_SETSOCKOPT, .expected_attach_type = BPF_CGROUP_SETSOCKOPT, - .set_optlen = 64, - - .error = EFAULT_SETSOCKOPT, + .set_level = SOL_IP, + .set_optname = IP_TOS, + .set_optval = { 1 << 3 }, + .set_optlen = 1, }, { .descr = "setsockopt: allow changing ctx->optlen within bounds", From patchwork Tue Apr 18 22:53:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 13216214 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40FFDC77B75 for ; Tue, 18 Apr 2023 22:54:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229526AbjDRWx6 (ORCPT ); Tue, 18 Apr 2023 18:53:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39824 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230343AbjDRWx5 (ORCPT ); Tue, 18 Apr 2023 18:53:57 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ED5C449C6 for ; Tue, 18 Apr 2023 15:53:54 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id 41be03b00d2f7-51b85b8ecc9so781020a12.2 for ; Tue, 18 Apr 2023 15:53:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681858434; x=1684450434; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=s9eyzg3DpGiEYVuzyNgxp7YetY0MDfxLPrCCNs2Zvvk=; b=Z6CUoi5qZZ7kS3kR9tqx0+E9I+mr8CraWqZ0aW71u8zTUx4NVa4OThwGhrjmlyezJh anhRzvLqqemdPnZNT3viFBFzSFx9Y0ga3Nj/oSv9Dsw/shb+mvPIOcM76B5F34PZs1aC dy96RzWm33YQdHw2LR7ijoKM9PyxCeYu+znZ9Zt+cuoFQnEWu69ka29i1KZ/6SSzVxBI oci7nK42HrU3EJVmNjsW1W3xiFQHoXwS8Jnid/+WfLRIHXSVEER5uyfyVplIp/ssq3rR 4eUcjogjOxsRqqXJrO4ugpnYmO5gW8Q3lpspruQ6nA9U7irR+kSkZCpojzcAwjDZ6iGU fLdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681858434; x=1684450434; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=s9eyzg3DpGiEYVuzyNgxp7YetY0MDfxLPrCCNs2Zvvk=; b=h8K61KJKMk3aYyMglyUlCDwd/aJcgzaUcF4odLStwPLvFqce4qH1Cq0atdrFuSQRGJ 61dd18vuSvoaxMKUuMomyQKslfrc0PLRaiV8TSbGNTJLIH/L+MoH0HFloh6n0rVK4ye3 DWq9WhqY8XlR6p9l/P7rmTkRVFoEinrspxyBqfNYOWdkPjCwLFbWC/G1yFFwR+Lz6V+3 DwTclWgrxu7JrGbbPCjQj8aFLcnyZHictK+feljujZBeDVhm26edgbJMafuhx3pys5S8 LSUdvXcNQtAVNRg8UfQ/UXa5hNBidPRefAGO5+npTlruESPnrPggi8le4AYahs5SLNwL qyNQ== X-Gm-Message-State: AAQBX9clyWWyg36X2zfuoTjD2LAGesw2CIWJel6f7eXXxrdfAiq37T6D x+Gor7sN9LxL3qlhj8JIeL+nL3DmYAu93O6P8Z3xmNGuFYqoGYB370vvxzRf+0QuRcySI5gTbl6 vp0iYrQNXBPNbqNhnWJU8qCWPloqHrBEkF0w0UGKcq01yau/GYQ== X-Google-Smtp-Source: AKy350YSZIXg3WCqNu+Mou7AYjHLRs9KLSVAH54q7rckeGJ5SszK6nHGIpYvAhk1DzkSWLCW70UzpFo= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a65:498b:0:b0:513:98d5:5ba with SMTP id r11-20020a65498b000000b0051398d505bamr1059099pgs.7.1681858434303; Tue, 18 Apr 2023 15:53:54 -0700 (PDT) Date: Tue, 18 Apr 2023 15:53:42 -0700 In-Reply-To: <20230418225343.553806-1-sdf@google.com> Mime-Version: 1.0 References: <20230418225343.553806-1-sdf@google.com> X-Mailer: git-send-email 2.40.0.634.g4ca3ef3211-goog Message-ID: <20230418225343.553806-6-sdf@google.com> Subject: [PATCH bpf-next 5/6] selftests/bpf: Correctly handle optlen > 4096 From: Stanislav Fomichev To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Even though it's not relevant in selftests, the people might still copy-paste from them. So let's take care of optlen > 4096 cases explicitly. Signed-off-by: Stanislav Fomichev --- .../progs/cgroup_getset_retval_getsockopt.c | 12 +++++++++ .../progs/cgroup_getset_retval_setsockopt.c | 16 ++++++++++++ .../selftests/bpf/progs/sockopt_inherit.c | 16 ++++++++++-- .../selftests/bpf/progs/sockopt_multi.c | 24 +++++++++++++++--- .../selftests/bpf/progs/sockopt_qos_to_cc.c | 8 +++++- .../testing/selftests/bpf/progs/sockopt_sk.c | 25 +++++++++++++------ 6 files changed, 88 insertions(+), 13 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/cgroup_getset_retval_getsockopt.c b/tools/testing/selftests/bpf/progs/cgroup_getset_retval_getsockopt.c index b2a409e6382a..b66454886cc4 100644 --- a/tools/testing/selftests/bpf/progs/cgroup_getset_retval_getsockopt.c +++ b/tools/testing/selftests/bpf/progs/cgroup_getset_retval_getsockopt.c @@ -20,6 +20,10 @@ int get_retval(struct bpf_sockopt *ctx) ctx_retval_value = ctx->retval; __sync_fetch_and_add(&invocations, 1); + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } @@ -31,6 +35,10 @@ int set_eisconn(struct bpf_sockopt *ctx) if (bpf_set_retval(-EISCONN)) assertion_error = 1; + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } @@ -41,5 +49,9 @@ int clear_retval(struct bpf_sockopt *ctx) ctx->retval = 0; + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } diff --git a/tools/testing/selftests/bpf/progs/cgroup_getset_retval_setsockopt.c b/tools/testing/selftests/bpf/progs/cgroup_getset_retval_setsockopt.c index d6e5903e06ba..68fce0311771 100644 --- a/tools/testing/selftests/bpf/progs/cgroup_getset_retval_setsockopt.c +++ b/tools/testing/selftests/bpf/progs/cgroup_getset_retval_setsockopt.c @@ -18,6 +18,10 @@ int get_retval(struct bpf_sockopt *ctx) retval_value = bpf_get_retval(); __sync_fetch_and_add(&invocations, 1); + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } @@ -29,6 +33,10 @@ int set_eunatch(struct bpf_sockopt *ctx) if (bpf_set_retval(-EUNATCH)) assertion_error = 1; + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 0; } @@ -40,6 +48,10 @@ int set_eisconn(struct bpf_sockopt *ctx) if (bpf_set_retval(-EISCONN)) assertion_error = 1; + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 0; } @@ -48,5 +60,9 @@ int legacy_eperm(struct bpf_sockopt *ctx) { __sync_fetch_and_add(&invocations, 1); + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 0; } diff --git a/tools/testing/selftests/bpf/progs/sockopt_inherit.c b/tools/testing/selftests/bpf/progs/sockopt_inherit.c index 9fb241b97291..78e56070dbcf 100644 --- a/tools/testing/selftests/bpf/progs/sockopt_inherit.c +++ b/tools/testing/selftests/bpf/progs/sockopt_inherit.c @@ -55,7 +55,7 @@ int _getsockopt(struct bpf_sockopt *ctx) __u8 *optval = ctx->optval; if (ctx->level != SOL_CUSTOM) - return 1; /* only interested in SOL_CUSTOM */ + goto out; /* only interested in SOL_CUSTOM */ if (optval + 1 > optval_end) return 0; /* EPERM, bounds check */ @@ -70,6 +70,12 @@ int _getsockopt(struct bpf_sockopt *ctx) ctx->optlen = 1; return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } SEC("cgroup/setsockopt") @@ -80,7 +86,7 @@ int _setsockopt(struct bpf_sockopt *ctx) __u8 *optval = ctx->optval; if (ctx->level != SOL_CUSTOM) - return 1; /* only interested in SOL_CUSTOM */ + goto out; /* only interested in SOL_CUSTOM */ if (optval + 1 > optval_end) return 0; /* EPERM, bounds check */ @@ -93,4 +99,10 @@ int _setsockopt(struct bpf_sockopt *ctx) ctx->optlen = -1; return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } diff --git a/tools/testing/selftests/bpf/progs/sockopt_multi.c b/tools/testing/selftests/bpf/progs/sockopt_multi.c index 177a59069dae..f645eb253c6c 100644 --- a/tools/testing/selftests/bpf/progs/sockopt_multi.c +++ b/tools/testing/selftests/bpf/progs/sockopt_multi.c @@ -12,7 +12,7 @@ int _getsockopt_child(struct bpf_sockopt *ctx) __u8 *optval = ctx->optval; if (ctx->level != SOL_IP || ctx->optname != IP_TOS) - return 1; + goto out; if (optval + 1 > optval_end) return 0; /* EPERM, bounds check */ @@ -26,6 +26,12 @@ int _getsockopt_child(struct bpf_sockopt *ctx) ctx->optlen = 1; return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } SEC("cgroup/getsockopt") @@ -35,7 +41,7 @@ int _getsockopt_parent(struct bpf_sockopt *ctx) __u8 *optval = ctx->optval; if (ctx->level != SOL_IP || ctx->optname != IP_TOS) - return 1; + goto out; if (optval + 1 > optval_end) return 0; /* EPERM, bounds check */ @@ -49,6 +55,12 @@ int _getsockopt_parent(struct bpf_sockopt *ctx) ctx->optlen = 1; return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } SEC("cgroup/setsockopt") @@ -58,7 +70,7 @@ int _setsockopt(struct bpf_sockopt *ctx) __u8 *optval = ctx->optval; if (ctx->level != SOL_IP || ctx->optname != IP_TOS) - return 1; + goto out; if (optval + 1 > optval_end) return 0; /* EPERM, bounds check */ @@ -67,4 +79,10 @@ int _setsockopt(struct bpf_sockopt *ctx) ctx->optlen = 1; return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } diff --git a/tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c b/tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c index 1bce83b6e3a7..597f3e276cf7 100644 --- a/tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c +++ b/tools/testing/selftests/bpf/progs/sockopt_qos_to_cc.c @@ -19,7 +19,7 @@ int sockopt_qos_to_cc(struct bpf_sockopt *ctx) char cc_cubic[TCP_CA_NAME_MAX] = "cubic"; if (ctx->level != SOL_IPV6 || ctx->optname != IPV6_TCLASS) - return 1; + goto out; if (optval + 1 > optval_end) return 0; /* EPERM, bounds check */ @@ -36,4 +36,10 @@ int sockopt_qos_to_cc(struct bpf_sockopt *ctx) return 0; } return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } diff --git a/tools/testing/selftests/bpf/progs/sockopt_sk.c b/tools/testing/selftests/bpf/progs/sockopt_sk.c index fe1df4cd206e..e1aed858c208 100644 --- a/tools/testing/selftests/bpf/progs/sockopt_sk.c +++ b/tools/testing/selftests/bpf/progs/sockopt_sk.c @@ -37,7 +37,7 @@ int _getsockopt(struct bpf_sockopt *ctx) /* Bypass AF_NETLINK. */ sk = ctx->sk; if (sk && sk->family == AF_NETLINK) - return 1; + goto out; /* Make sure bpf_get_netns_cookie is callable. */ @@ -52,8 +52,7 @@ int _getsockopt(struct bpf_sockopt *ctx) * let next BPF program in the cgroup chain or kernel * handle it. */ - ctx->optlen = 0; /* bypass optval>PAGE_SIZE */ - return 1; + goto out; } if (ctx->level == SOL_SOCKET && ctx->optname == SO_SNDBUF) { @@ -61,7 +60,7 @@ int _getsockopt(struct bpf_sockopt *ctx) * let next BPF program in the cgroup chain or kernel * handle it. */ - return 1; + goto out; } if (ctx->level == SOL_TCP && ctx->optname == TCP_CONGESTION) { @@ -69,7 +68,7 @@ int _getsockopt(struct bpf_sockopt *ctx) * let next BPF program in the cgroup chain or kernel * handle it. */ - return 1; + goto out; } if (ctx->level == SOL_TCP && ctx->optname == TCP_ZEROCOPY_RECEIVE) { @@ -85,7 +84,7 @@ int _getsockopt(struct bpf_sockopt *ctx) if (((struct tcp_zerocopy_receive *)optval)->address != 0) return 0; /* unexpected data */ - return 1; + goto out; } if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) { @@ -129,6 +128,12 @@ int _getsockopt(struct bpf_sockopt *ctx) ctx->optlen = 1; return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } SEC("cgroup/setsockopt") @@ -142,7 +147,7 @@ int _setsockopt(struct bpf_sockopt *ctx) /* Bypass AF_NETLINK. */ sk = ctx->sk; if (sk && sk->family == AF_NETLINK) - return 1; + goto out; /* Make sure bpf_get_netns_cookie is callable. */ @@ -224,4 +229,10 @@ int _setsockopt(struct bpf_sockopt *ctx) */ return 1; + +out: + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + return 1; } From patchwork Tue Apr 18 22:53:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stanislav Fomichev X-Patchwork-Id: 13216215 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19F77C6FD18 for ; Tue, 18 Apr 2023 22:54:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230143AbjDRWx7 (ORCPT ); Tue, 18 Apr 2023 18:53:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39844 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230248AbjDRWx5 (ORCPT ); Tue, 18 Apr 2023 18:53:57 -0400 Received: from mail-pg1-x54a.google.com (mail-pg1-x54a.google.com [IPv6:2607:f8b0:4864:20::54a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A731D7EC9 for ; Tue, 18 Apr 2023 15:53:56 -0700 (PDT) Received: by mail-pg1-x54a.google.com with SMTP id 41be03b00d2f7-517bad1b8c5so2361241a12.0 for ; Tue, 18 Apr 2023 15:53:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1681858436; x=1684450436; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HAn2JH1Lq9QcR8BANXfaTRPPTo1GcUOEnDLU+00WzxU=; b=pXfRJNUD38spNQt20L203si3D+0fZHgVA2J5I7QUqaR9vlqTpo1ujhOMw+B72sVIwq s8RWuAMvRpPvlsGuahtkHU8G/bNwGb9m078XHCUXCOg0jXhq1S8WpXePD4sBcAwDKKdr nKR79ATxwU8a9IO1LNvBlKn5nCJwlZ7F8LMicrRgW0XSpzrcYPX1O06zpfhCxCNQ1Rn/ 2meyyDupsr/MLZ9EqPSvzEl7NKLXArIrd/CiNjIYNn+2d//2fBId0ORWrLoYpAEWMNn9 GdMt5GQHqMjIkHdEB1SdM7miF+uk3J5Nf8hq134TsC6wDeWL46+q6n8sTrLW4Y/a8d84 k1IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681858436; x=1684450436; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HAn2JH1Lq9QcR8BANXfaTRPPTo1GcUOEnDLU+00WzxU=; b=F9sknQqqq43gLl3TS2SjdQzzMTe24Cc9/8MO0pcb0trtQ0IitGeeufVo4F+NjWnKVg cRokXfnV/MtVMA3Vzv17c9vbjl8nCUeC4kyEjQ5HWFqHpuPGVB6tK4l2V8m9kNmvYokU vrALOmiuvNNFykEZsnJgKuPG8x6PNUjKErF8iS7Ue0+IPMHMW+ZXiFMKuNY33dY3oa0L Bzms7sfZL8k8ClCtwLKdztQk8/2BL8Sg9RDlVfsovwUqDgG+QAKQBGwLKwpKWSKb2z71 QmBJIc/V9doJsyabcVP6s+Ww9q3u1ICKUThdoABE+JB/dl278CLqx5x2riMp/OQ0fviy 85ig== X-Gm-Message-State: AAQBX9d2shOL9nFkYO2dcSC038fPoAxd78q3of+OeFz21nevr9S2asbH giu3cvlwTCWrjHayG0NC99zy/RZLXwzmKb5SM1YCGPXmx3VWFCxSqDbTORuMWM2yfER9lrmq2U6 H33za6Q7oBRaNagLh6kO2XOhC1jkUSCX0o7ngTFFd8q+UUjfQwQ== X-Google-Smtp-Source: AKy350Zk9RzxEo3bdYu6f/wBCXydxjTq2MnevrgmpGBtDmme/IjcbxtyqMf4A/yPhekxAi43JOdyM/Y= X-Received: from sdf.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5935]) (user=sdf job=sendgmr) by 2002:a63:1b56:0:b0:51b:aee8:7ae9 with SMTP id b22-20020a631b56000000b0051baee87ae9mr1078756pgm.12.1681858436095; Tue, 18 Apr 2023 15:53:56 -0700 (PDT) Date: Tue, 18 Apr 2023 15:53:43 -0700 In-Reply-To: <20230418225343.553806-1-sdf@google.com> Mime-Version: 1.0 References: <20230418225343.553806-1-sdf@google.com> X-Mailer: git-send-email 2.40.0.634.g4ca3ef3211-goog Message-ID: <20230418225343.553806-7-sdf@google.com> Subject: [PATCH bpf-next 6/6] bpf: Document EFAULT changes for sockopt From: Stanislav Fomichev To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net And add examples for how to correctly handle large optlens. This is less relevant now when we don't EFAULT anymore, but that's still the correct thing to do. Signed-off-by: Stanislav Fomichev --- Documentation/bpf/prog_cgroup_sockopt.rst | 64 +++++++++++++++++++++-- 1 file changed, 60 insertions(+), 4 deletions(-) diff --git a/Documentation/bpf/prog_cgroup_sockopt.rst b/Documentation/bpf/prog_cgroup_sockopt.rst index 172f957204bf..dcb8d4681257 100644 --- a/Documentation/bpf/prog_cgroup_sockopt.rst +++ b/Documentation/bpf/prog_cgroup_sockopt.rst @@ -29,7 +29,7 @@ chain finish (i.e. kernel ``setsockopt`` handling will *not* be executed). Note, that ``optlen`` can not be increased beyond the user-supplied value. It can only be decreased or set to -1. Any other value will -trigger ``EFAULT``. +ignore the BPF program's changes to ``optlen``/``optval``. Return Type ----------- @@ -45,13 +45,14 @@ sockopt. The BPF hook can observe ``optval``, ``optlen`` and ``retval`` if it's interested in whatever kernel has returned. BPF hook can override the values above, adjust ``optlen`` and reset ``retval`` to 0. If ``optlen`` has been increased above initial ``getsockopt`` value (i.e. userspace -buffer is too small), ``EFAULT`` is returned. +buffer is too small), BPF program's ``optlen`` and ``optval`` are +ignored. This hook has access to the cgroup and socket local storage. Note, that the only acceptable value to set to ``retval`` is 0 and the original value that the kernel returned. Any other value will trigger -``EFAULT``. +ignore BPF program's changes. Return Type ----------- @@ -98,10 +99,65 @@ When the ``optval`` is greater than the ``PAGE_SIZE``, the BPF program indicates that the kernel should use BPF's trimmed ``optval``. When the BPF program returns with the ``optlen`` greater than -``PAGE_SIZE``, the userspace will receive ``EFAULT`` errno. +``PAGE_SIZE``, the userspace will receive original kernel +buffers without any modifications that the BPF program might have +applied. Example ======= +Recommended way to handle BPF programs is as follows: + +``` +SEC("cgroup/getsockopt") +int getsockopt(struct bpf_sockopt *ctx) +{ + /* Custom socket option. */ + if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) { + ctx->retval = 0; + optval[0] = ...; + ctx->optlen = 1; + return 1; + } + + /* Modify kernel's socket option. */ + if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) { + ctx->retval = 0; + optval[0] = ...; + ctx->optlen = 1; + return 1; + } + + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + + return 1; +} + +SEC("cgroup/setsockopt") +int setsockopt(struct bpf_sockopt *ctx) +{ + /* Custom socket option. */ + if (ctx->level == MY_SOL && ctx->optname == MY_OPTNAME) { + /* do something */ + ctx->optlen = -1; + return 1; + } + + /* Modify kernel's socket option. */ + if (ctx->level == SOL_IP && ctx->optname == IP_FREEBIND) { + optval[0] = ...; + return 1; + } + + /* optval larger than PAGE_SIZE use kernel's buffer. */ + if (ctx->optlen > 4096) + ctx->optlen = 0; + + return 1; +} +``` + See ``tools/testing/selftests/bpf/progs/sockopt_sk.c`` for an example of BPF program that handles socket options.