| Message ID | 8824dd0b0b627c5dfdfd767e0e366e3cc8f9505a.1441193159.git.daniel@iogearbox.net |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
Le 02/09/2015 14:00, Daniel Borkmann a écrit : > diag socket's sock_diag_put_filterinfo() dumps classic BPF programs > upon request to user space (ss -0 -b). However, native eBPF programs > attached to sockets (SO_ATTACH_BPF) cannot be dumped with this method: > > Their orig_prog is always NULL. However, sock_diag_put_filterinfo() > unconditionally tries to access its filter length resp. wants to copy > the filter insns from there. Internal cBPF to eBPF transformations > attached to sockets don't have this issue, as orig_prog state is kept. > > It's currently only used by packet sockets. If we would want to add > native eBPF support in the future, this needs to be done through > a different attribute than PACKET_DIAG_FILTER to not confuse possible > user space disassemblers that work on diag data. > > Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 9/2/15 5:00 AM, Daniel Borkmann wrote: > diag socket's sock_diag_put_filterinfo() dumps classic BPF programs > upon request to user space (ss -0 -b). However, native eBPF programs > attached to sockets (SO_ATTACH_BPF) cannot be dumped with this method: ... > Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") > Signed-off-by: Daniel Borkmann<daniel@iogearbox.net> good catch. thanks Acked-by: Alexei Starovoitov <ast@plumgrid.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Daniel Borkmann <daniel@iogearbox.net> Date: Wed, 2 Sep 2015 14:00:36 +0200 > diag socket's sock_diag_put_filterinfo() dumps classic BPF programs > upon request to user space (ss -0 -b). However, native eBPF programs > attached to sockets (SO_ATTACH_BPF) cannot be dumped with this method: > > Their orig_prog is always NULL. However, sock_diag_put_filterinfo() > unconditionally tries to access its filter length resp. wants to copy > the filter insns from there. Internal cBPF to eBPF transformations > attached to sockets don't have this issue, as orig_prog state is kept. > > It's currently only used by packet sockets. If we would want to add > native eBPF support in the future, this needs to be done through > a different attribute than PACKET_DIAG_FILTER to not confuse possible > user space disassemblers that work on diag data. > > Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Applied and queued up for -stable, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c index d79866c..817622f 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -90,6 +90,9 @@ int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk, goto out; fprog = filter->prog->orig_prog; + if (!fprog) + goto out; + flen = bpf_classic_proglen(fprog); attr = nla_reserve(skb, attrtype, flen);
diag socket's sock_diag_put_filterinfo() dumps classic BPF programs upon request to user space (ss -0 -b). However, native eBPF programs attached to sockets (SO_ATTACH_BPF) cannot be dumped with this method: Their orig_prog is always NULL. However, sock_diag_put_filterinfo() unconditionally tries to access its filter length resp. wants to copy the filter insns from there. Internal cBPF to eBPF transformations attached to sockets don't have this issue, as orig_prog state is kept. It's currently only used by packet sockets. If we would want to add native eBPF support in the future, this needs to be done through a different attribute than PACKET_DIAG_FILTER to not confuse possible user space disassemblers that work on diag data. Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> --- net/core/sock_diag.c | 3 +++ 1 file changed, 3 insertions(+)