On Thu, Jul 23, 2020 at 02:42:11PM +0000, David Laight wrote: > From: Christoph Hellwig > > Sent: 23 July 2020 07:09 > > > > The bpfilter user mode helper processes the optval address using > > process_vm_readv. Don't send it kernel addresses fed under > > set_fs(KERNEL_DS) as that won't work. > > What sort of operations is the bpf filter doing on the sockopt buffers? > > Any attempts to reject some requests can be thwarted by a second > application thread modifying the buffer after the bpf filter has > checked that it allowed. > > You can't do security by reading a user buffer twice. I'm not saying that I approve of the design, but the current bpfilter design uses process_vm_readv to access the buffer, which obviously does not work with kernel buffers.
