On Fri, Aug 21, 2020 at 3:30 AM Lorenz Bauer <lmb@xxxxxxxxxxxxxx> wrote: > > We're currently building a control plane for our BPF socket dispatch > work. As part of that, we have a need to create a copy of an existing > sockhash, to allow us to change the keys. I previously proposed allowing > privileged userspace to look up sockets, which doesn't work due to > security concerns (see [1]). > > In follow up discussions during BPF office hours we identified bpf_iter > as a possible solution: instead of accessing sockets from user space > we can iterate the source sockhash, and insert the values into a new > map. Enabling this requires two pieces: the ability to iterate > sockmap and sockhash, as well as being able to call map_update_elem > from BPF. > > This patch set implements the latter: it's now possible to update > sockmap from BPF context. As a next step, we can implement bpf_iter > for sockmap. > > === > > I've done some more fixups, and audited the safe contexts more > thoroughly. As a result I'm removing CGROUP_SKB, SK_MSG and SK_SKB > for now. > > Changes in v3: > - Use CHECK as much as possible (Yonghong) > - Reject ARG_PTR_TO_MAP_VALUE_OR_NULL for sockmap (Yonghong) > - Remove CGROUP_SKB, SK_MSG, SK_SKB from safe contexts > - Test that the verifier rejects update from unsafe context All looks good to me. I've applied the set. Please follow up with a cleanup to selftests as Yonghong suggested.
