Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-06 05:06:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
92905470a1
linux-stable/net/sctp
History
Alexander Mikhalitsyn 3e7ee33b95 sctp: add bpf_bypass_getsockopt proto callback 
[ Upstream commit 2598619e01 ]

Implement ->bpf_bypass_getsockopt proto callback and filter out
SCTP_SOCKOPT_PEELOFF, SCTP_SOCKOPT_PEELOFF_FLAGS and SCTP_SOCKOPT_CONNECTX3
socket options from running eBPF hook on them.

SCTP_SOCKOPT_PEELOFF and SCTP_SOCKOPT_PEELOFF_FLAGS options do fd_install(),
and if BPF_CGROUP_RUN_PROG_GETSOCKOPT hook returns an error after success of
the original handler sctp_getsockopt(...), userspace will receive an error
from getsockopt syscall and will be not aware that fd was successfully
installed into a fdtable.

As pointed by Marcelo Ricardo Leitner it seems reasonable to skip
bpf getsockopt hook for SCTP_SOCKOPT_CONNECTX3 sockopt too.
Because internaly, it triggers connect() and if error is masked
then userspace will be confused.

This patch was born as a result of discussion around a new SCM_PIDFD interface:
https://lore.kernel.org/all/20230413133355.350571-3-aleksandr.mikhalitsyn@canonical.com/

Fixes: 0d01da6afc ("bpf: implement getsockopt and setsockopt hooks")
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Stanislav Fomichev <sdf@google.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: Xin Long <lucien.xin@gmail.com>
Cc: linux-sctp@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: netdev@vger.kernel.org
Suggested-by: Stanislav Fomichev <sdf@google.com>
Acked-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-07-23 13:46:49 +02:00
..
associola.c sctp: leave the err path free in sctp_stream_init to sctp_stream_free 2022-08-03 12:03:54 +02:00
auth.c sctp: handle the error returned from sctp_auth_asoc_init_active_key 2022-10-26 12:34:48 +02:00
bind_addr.c sctp: fail if no bound addresses can be used for a given scope 2023-02-01 08:27:27 +01:00
chunk.c net: sctp: chunk.c: delete duplicated word 2020-08-24 16:21:43 -07:00
debug.c sctp: add the probe timer in transport for PLPMTUD 2021-06-22 11:28:52 -07:00
diag.c sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list 2023-02-22 12:57:08 +01:00
endpointola.c sctp: use call_rcu to free endpoint 2022-01-05 12:42:35 +01:00
input.c sctp: read sk->sk_bound_dev_if once in sctp_rcv() 2022-06-09 10:22:59 +02:00
inqueue.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
ipv6.c sctp: delete addr based on sin6_scope_id 2021-07-26 12:34:03 +01:00
Kconfig sctp: create udp4 sock and add its encap_rcv 2020-10-30 15:23:52 -07:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
offload.c sctp: remove the NETIF_F_SG flag before calling skb_segment 2021-01-16 19:05:59 -08:00
output.c sctp: allow IP fragmentation when PLPMTUD enters Error state 2021-11-18 19:16:43 +01:00
outqueue.c sctp: clear out_curr if all frag chunks of current msg are pruned 2022-12-02 17:40:59 +01:00
primitive.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 104 2019-05-24 17:39:00 +02:00
proc.c net: fix iteration for sctp transport seq_files 2021-02-08 10:15:49 -08:00
protocol.c ip: Fix data-races around sysctl_ip_nonlocal_bind. 2022-07-29 17:25:13 +02:00
sm_make_chunk.c sctp: account stream padding length for reconf chunk 2021-10-14 07:15:22 -07:00
sm_sideeffect.c sctp: check asoc strreset_chunk in sctp_generate_reconf_event 2022-05-09 09:14:35 +02:00
sm_statefuns.c sctp: fix an error code in sctp_sf_eat_auth() 2023-06-21 15:59:17 +02:00
sm_statetable.c sctp: add the probe timer in transport for PLPMTUD 2021-06-22 11:28:52 -07:00
socket.c sctp: add bpf_bypass_getsockopt proto callback 2023-07-23 13:46:49 +02:00
stream_interleave.c sctp: fix a potential overflow in sctp_ifwdtsn_skip 2023-04-20 12:13:53 +02:00
stream_sched_prio.c sctp: add a refcnt in sctp_stream_priorities to avoid a nested loop 2023-03-11 13:57:28 +01:00
stream_sched_rr.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:28:41 +01:00
stream_sched.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:28:41 +01:00
stream.c sctp: fix memory leak in sctp_stream_outq_migrate() 2022-12-08 11:28:41 +01:00
sysctl.c sctp: sysctl: make extra pointers netns aware 2022-12-31 13:14:20 +01:00
transport.c sctp: fix an issue that plpmtu can never go to complete state 2023-05-30 13:55:33 +01:00
tsnmap.c net: sctp: trivial: fix typo in comment 2021-03-04 13:48:32 -08:00
ulpevent.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
ulpqueue.c net: sctp: ulpqueue.c: delete duplicated word 2020-08-24 16:21:43 -07:00