-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen #5011
Conversation
Upstream branch: a464411 |
ad61735
to
aaeb27d
Compare
Upstream branch: 6ec7be9 |
1afed71
to
fe11648
Compare
aaeb27d
to
3b98e48
Compare
Upstream branch: bf06c93 |
fe11648
to
ffc43b3
Compare
3b98e48
to
f384e4e
Compare
Upstream branch: f1f5553 |
ffc43b3
to
f244a00
Compare
f384e4e
to
8eafc01
Compare
Upstream branch: 31f4f81 |
f244a00
to
7581739
Compare
8eafc01
to
f1af4ac
Compare
Upstream branch: 31f4f81 |
7581739
to
a3f764f
Compare
f1af4ac
to
d787ba9
Compare
Upstream branch: c39028b |
a3f764f
to
f4f071e
Compare
d787ba9
to
12c210e
Compare
Upstream branch: 577c34b |
f4f071e
to
c411294
Compare
12c210e
to
eeced39
Compare
Upstream branch: 577c34b |
c411294
to
6eb8568
Compare
Upstream branch: fedf992 |
733dd63
to
961ce8c
Compare
e00789e
to
894f82e
Compare
Upstream branch: 7866fc6 |
961ce8c
to
96cfc71
Compare
894f82e
to
e2eabfb
Compare
Upstream branch: fbc0b02 |
96cfc71
to
87bc7d8
Compare
e2eabfb
to
b77d7ff
Compare
Upstream branch: 6953518 |
87bc7d8
to
0339fce
Compare
b77d7ff
to
0638639
Compare
With the way the hooks implemented right now, we have a special condition: optval larger than PAGE_SIZE will expose only first 4k into BPF; any modifications to the optval are ignored. If the BPF program doesn't handle this condition by resetting optlen to 0, the userspace will get EFAULT. The intention of the EFAULT was to make it apparent to the developers that the program is doing something wrong. However, this inadvertently might affect production workloads with the BPF programs that are not too careful (i.e., returning EFAULT for perfectly valid setsockopt/getsockopt calls). Let's try to minimize the chance of BPF program screwing up userspace by ignoring the output of those BPF programs (instead of returning EFAULT to the userspace). pr_info_once those cases to the dmesg to help with figuring out what's going wrong. Fixes: 0d01da6 ("bpf: implement getsockopt and setsockopt hooks") Suggested-by: Martin KaFai Lau <martin.lau@kernel.org> Signed-off-by: Stanislav Fomichev <sdf@google.com>
Instead of assuming EFAULT, let's assume the BPF program's output is ignored. Remove "getsockopt: deny arbitrary ctx->retval" because it was actually testing optlen. We have separate set of tests for retval. Signed-off-by: Stanislav Fomichev <sdf@google.com>
Even though it's not relevant in selftests, the people might still copy-paste from them. So let's take care of optlen > 4096 cases explicitly. Signed-off-by: Stanislav Fomichev <sdf@google.com>
Upstream branch: f4dea96 |
And add examples for how to correctly handle large optlens. This is less relevant now when we don't EFAULT anymore, but that's still the correct thing to do. Signed-off-by: Stanislav Fomichev <sdf@google.com>
0339fce
to
da8092f
Compare
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=745069 expired. Closing PR. |
Pull request for series with
subject: bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=743665