Skip to content

Commit 5607fff

Browse files
jrfastabborkmann
jrfastab
authored and
borkmann
committed
bpf: sockmap only allow ESTABLISHED sock state
After this patch we only allow socks that are in ESTABLISHED state or are being added via a sock_ops event that is transitioning into an ESTABLISHED state. By allowing sock_ops events we allow users to manage sockmaps directly from sock ops programs. The two supported sock_ops ops are BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB and BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB. Similar to TLS ULP this ensures sk_user_data is correct. Reported-by: Eric Dumazet <[email protected]> Fixes: 1aa12bd ("bpf: sockmap, add sock close() hook to remove socks") Signed-off-by: John Fastabend <[email protected]> Acked-by: Yonghong Song <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
1 parent 080220b commit 5607fff

File tree

1 file changed

+30
-1
lines changed

1 file changed

+30
-1
lines changed

kernel/bpf/sockmap.c

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2097,8 +2097,12 @@ static int sock_map_update_elem(struct bpf_map *map,
20972097
return -EINVAL;
20982098
}
20992099

2100+
/* ULPs are currently supported only for TCP sockets in ESTABLISHED
2101+
* state.
2102+
*/
21002103
if (skops.sk->sk_type != SOCK_STREAM ||
2101-
skops.sk->sk_protocol != IPPROTO_TCP) {
2104+
skops.sk->sk_protocol != IPPROTO_TCP ||
2105+
skops.sk->sk_state != TCP_ESTABLISHED) {
21022106
fput(socket->file);
21032107
return -EOPNOTSUPP;
21042108
}
@@ -2453,6 +2457,16 @@ static int sock_hash_update_elem(struct bpf_map *map,
24532457
return -EINVAL;
24542458
}
24552459

2460+
/* ULPs are currently supported only for TCP sockets in ESTABLISHED
2461+
* state.
2462+
*/
2463+
if (skops.sk->sk_type != SOCK_STREAM ||
2464+
skops.sk->sk_protocol != IPPROTO_TCP ||
2465+
skops.sk->sk_state != TCP_ESTABLISHED) {
2466+
fput(socket->file);
2467+
return -EOPNOTSUPP;
2468+
}
2469+
24562470
lock_sock(skops.sk);
24572471
preempt_disable();
24582472
rcu_read_lock();
@@ -2543,10 +2557,22 @@ const struct bpf_map_ops sock_hash_ops = {
25432557
.map_check_btf = map_check_no_btf,
25442558
};
25452559

2560+
static bool bpf_is_valid_sock_op(struct bpf_sock_ops_kern *ops)
2561+
{
2562+
return ops->op == BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB ||
2563+
ops->op == BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB;
2564+
}
25462565
BPF_CALL_4(bpf_sock_map_update, struct bpf_sock_ops_kern *, bpf_sock,
25472566
struct bpf_map *, map, void *, key, u64, flags)
25482567
{
25492568
WARN_ON_ONCE(!rcu_read_lock_held());
2569+
2570+
/* ULPs are currently supported only for TCP sockets in ESTABLISHED
2571+
* state. This checks that the sock ops triggering the update is
2572+
* one indicating we are (or will be soon) in an ESTABLISHED state.
2573+
*/
2574+
if (!bpf_is_valid_sock_op(bpf_sock))
2575+
return -EOPNOTSUPP;
25502576
return sock_map_ctx_update_elem(bpf_sock, map, key, flags);
25512577
}
25522578

@@ -2565,6 +2591,9 @@ BPF_CALL_4(bpf_sock_hash_update, struct bpf_sock_ops_kern *, bpf_sock,
25652591
struct bpf_map *, map, void *, key, u64, flags)
25662592
{
25672593
WARN_ON_ONCE(!rcu_read_lock_held());
2594+
2595+
if (!bpf_is_valid_sock_op(bpf_sock))
2596+
return -EOPNOTSUPP;
25682597
return sock_hash_ctx_update_elem(bpf_sock, map, key, flags);
25692598
}
25702599

0 commit comments

Comments
 (0)