On Thu, Jun 02, 2022 at 06:59:47PM -0700, Stanislav Fomichev wrote:
> On Thu, Jun 2, 2022 at 6:52 PM Martin KaFai Lau <kafai@xxxxxx> wrote:
> >
> > On Wed, Jun 01, 2022 at 12:02:18PM -0700, Stanislav Fomichev wrote:
> > > sk_priority & sk_mark are writable, the rest is readonly.
> > >
> > > One interesting thing here is that the verifier doesn't
> > > really force me to add NULL checks anywhere :-/
> > Are you aware if it is possible to get a NULL sk from some of the
> > bpf_lsm hooks ?
>
> No, I don't think it's relevant for lsm hooks. I'm more concerned
> about fentry/fexit which supposedly should go through the same
> verifier path and can be attached everywhere?
fentry/fexit is BPF_READ. It will be marked with BPF_PROBE_MEM
and the fault will be handled by the bpf extable handler.

If the lsm hooks cannot get a NULL sk, BPF_WRITE on the sk_priority
and sk_mark is fine.

Took a first pass on the set and will take a closer look.