From patchwork Fri Mar 10 22:15:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anjali Kulkarni X-Patchwork-Id: 67815 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp4116wrd; Fri, 10 Mar 2023 14:38:49 -0800 (PST) X-Google-Smtp-Source: AK7set+o0a6BrYgf/l64qRdwIftT63YAOarJwP53fjtxS8Iclc63+jccoI3jmmGroUCE1p1n9x8I X-Received: by 2002:a05:6a00:1312:b0:5a8:c469:e47c with SMTP id j18-20020a056a00131200b005a8c469e47cmr3380789pfu.10.1678487929277; Fri, 10 Mar 2023 14:38:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678487929; cv=none; d=google.com; s=arc-20160816; b=tv2gKfZqvXFHWztoDcnVDslxvvwLhbgpLAzss03yNHZtyNf+X4G1IcjKDPRZPocfoL NwwGHCC/ZxnTmy9Rz1lRpbGwujOBwo7Wwufe4yeixJ89/+C0gj3hB1Q77VFzgxkRGDgY FLjXUwnOvK22/sPjXqR9LnuV/G+AL9nxggt058whjdkEe4AcsWrgsRIukPCX6EjAtCcy 9lhu4US9afvs/526I8qkyTsJELGlLLShGB1LxeFlI5r+RmRQzmTfcijt48AvOnksRWer AFkKiuBt6fl3i30qudmDuLzkb8YNjC7NohVk17SJ1sL4JQ0RRkjlLUYoHh6Ypm2DKY6E O+gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eaW63H5WYY0jeCFNsqmZWFmy2A0ZfYVHoEKBNGRcozA=; b=hZ7D5kG1iDRe6G9za4WmeHZupFRMM/JxTCRhPq7Hpzio8Pc/reGkfEEnHEu+yieYBB mC2b4H9jIxlRlJ/ESYpOIwxCjb1bkpVBuZpr72vxa/yfvw4wq3xJfrtIQYBHxVXRQQC+ wvF/XYscCoXwzayTW6g8u26iqeteH98TtzSA7wdpORpMb/QJwpOKR7N2plAAsVLfT/Ph ZqRAp/CugQ8294lyOqD9yhvfdfAUrnv8igPEhhvy6lLgwZUQOX/7nAa3wKxDy0Das/Mz MNOqu7R9S7DmLJIau7zudAu2a1BLVkE4Rg0smLBitMnCb5bS4M629zRppe7mRfRkUWsY lxFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=gO4oGQ20; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q19-20020aa79833000000b005a8e372ed89si702228pfl.109.2023.03.10.14.38.33; Fri, 10 Mar 2023 14:38:49 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=gO4oGQ20; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231696AbjCJWQ1 (ORCPT + 99 others); Fri, 10 Mar 2023 17:16:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231599AbjCJWQQ (ORCPT ); Fri, 10 Mar 2023 17:16:16 -0500 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B98F7136FCA; Fri, 10 Mar 2023 14:16:14 -0800 (PST) Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32ALhsWu026773; Fri, 10 Mar 2023 22:15:56 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=eaW63H5WYY0jeCFNsqmZWFmy2A0ZfYVHoEKBNGRcozA=; b=gO4oGQ20MThbf5ZSpPHwMelBXTsrpfRhD05zn2SQtsSu+0ONbjWINM5isPF666p1AH+7 Olfj1DOISrZuowUZbDrGpyDd3r+FdcQOixWzpH8jAkpfbOyLWIPtQ8aY3fYQMFfwQ5nY lHD2lEEe58H+onst+avtJPDq/XfZ5aq/dC0b1JUAhF5m8b2LQOsO3Qx4USXIX2AdNw0+ 5+2khnOpW+Nw8YAxaXq1E1bHbhTYFUjv/JacKwCr9lqXDUzRnPcwuo/zQs5R1kWlc9pf XjiSKiXo5fqUpS3lfJcQYGbZTuqw64HFiMZobBm+sSET7JnXcVK/GpH5dLJPYrnGb4NT MQ== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p417cp9hv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:56 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 32AM4FaM031459; Fri, 10 Mar 2023 22:15:55 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3p6feqs9s5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:55 +0000 Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32AMFrOv028711; Fri, 10 Mar 2023 22:15:54 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3p6feqs9nh-2; Fri, 10 Mar 2023 22:15:54 +0000 From: Anjali Kulkarni To: davem@davemloft.net Cc: edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, zbr@ioremap.net, brauner@kernel.org, johannes@sipsolutions.net, ecree.xilinx@gmail.com, leon@kernel.org, keescook@chromium.org, socketcan@hartkopp.net, petrm@nvidia.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, anjali.k.kulkarni@oracle.com Subject: [PATCH v1 1/5] netlink: Reverse the patch which removed filtering Date: Fri, 10 Mar 2023 14:15:43 -0800 Message-Id: <20230310221547.3656194-2-anjali.k.kulkarni@oracle.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> References: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-10_10,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 suspectscore=0 malwarescore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303100177 X-Proofpoint-GUID: LBlGDv1AlfA9IyiA-Lq_Xq8-cd2RDTSq X-Proofpoint-ORIG-GUID: LBlGDv1AlfA9IyiA-Lq_Xq8-cd2RDTSq X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760022158489835526?= X-GMAIL-MSGID: =?utf-8?q?1760022158489835526?= To use filtering at the connector & cn_proc layers, we need to enable filtering in the netlink layer. This reverses the patch which removed netlink filtering: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=549017aa1bb7` Signed-off-by: Anjali Kulkarni --- include/linux/netlink.h | 5 +++++ net/netlink/af_netlink.c | 25 +++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/include/linux/netlink.h b/include/linux/netlink.h index c43ac7690eca..866bbc5a4c8d 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h @@ -206,6 +206,11 @@ bool netlink_strict_get_check(struct sk_buff *skb); int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 portid, int nonblock); int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 portid, __u32 group, gfp_t allocation); +int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb, + __u32 portid, __u32 group, gfp_t allocation, + int (*filter)(struct sock *dsk, + struct sk_buff *skb, void *data), + void *filter_data); int netlink_set_err(struct sock *ssk, __u32 portid, __u32 group, int code); int netlink_register_notifier(struct notifier_block *nb); int netlink_unregister_notifier(struct notifier_block *nb); diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index c64277659753..003c7e6ec9be 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1432,6 +1432,8 @@ struct netlink_broadcast_data { int delivered; gfp_t allocation; struct sk_buff *skb, *skb2; + int (*tx_filter)(struct sock *dsk, struct sk_buff *skb, void *data); + void *tx_data; }; static void do_one_broadcast(struct sock *sk, @@ -1485,6 +1487,11 @@ static void do_one_broadcast(struct sock *sk, p->delivery_failure = 1; goto out; } + if (p->tx_filter && p->tx_filter(sk, p->skb2, p->tx_data)) { + kfree_skb(p->skb2); + p->skb2 = NULL; + goto out; + } if (sk_filter(sk, p->skb2)) { kfree_skb(p->skb2); p->skb2 = NULL; @@ -1507,8 +1514,12 @@ static void do_one_broadcast(struct sock *sk, sock_put(sk); } -int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 portid, - u32 group, gfp_t allocation) +int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb, + u32 portid, + u32 group, gfp_t allocation, + int (*filter)(struct sock *dsk, + struct sk_buff *skb, void *data), + void *filter_data) { struct net *net = sock_net(ssk); struct netlink_broadcast_data info; @@ -1527,6 +1538,8 @@ int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 portid, info.allocation = allocation; info.skb = skb; info.skb2 = NULL; + info.tx_filter = filter; + info.tx_data = filter_data; /* While we sleep in clone, do not allow to change socket list */ @@ -1552,6 +1565,14 @@ int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 portid, } return -ESRCH; } +EXPORT_SYMBOL(netlink_broadcast_filtered); + +int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 portid, + u32 group, gfp_t allocation) +{ + return netlink_broadcast_filtered(ssk, skb, portid, group, allocation, + NULL, NULL); +} EXPORT_SYMBOL(netlink_broadcast); struct netlink_set_err_data { From patchwork Fri Mar 10 22:15:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anjali Kulkarni X-Patchwork-Id: 67790 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp1199wrd; Fri, 10 Mar 2023 14:30:59 -0800 (PST) X-Google-Smtp-Source: AK7set+3WhrrTq/Cl63SQULTUxYeEpro0dgXct+hnjQ1Clz3sqUCFOOAcouzG7XWsjCKuAOLLeoD X-Received: by 2002:a17:90b:384d:b0:236:6dea:87b4 with SMTP id nl13-20020a17090b384d00b002366dea87b4mr6419260pjb.39.1678487458887; Fri, 10 Mar 2023 14:30:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678487458; cv=none; d=google.com; s=arc-20160816; b=u5FIEo4b+O6R2ge9qNpzjWKtXx3ajpF8QK/8u6uiU8KUfkEQaSamspXpJEt+HI0roi 3Fzb0+5gu6iZqum8Yajb96NsW3MAYKF6Hsf6dYs7biB3+G5aYc7F01T+NvTjPMOu2M35 1pdzkqOMiuG6hlWPtgkCK3wyNAF5Chd51QerMSCtuWZh0QZF4CmcRVg37PF+FO+StBP7 RzusiK822UNmuZmrQwQ5TKYcTAXJ+bz+WWpg/sHy7Uvswv6k95tq2Vux65L9fB4jeWFW TB5SPHifCerqNcVMceqfhFXWXVQzWYIfF2RYAubbbICmbOyctjEX3hF1v7uhbBqfpATW SCLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=uBlMdD7r1eIccZBQ2mT5dGoN2iebPaDSiGe5Dh8nfOk=; b=IhbtM55Orf+wE4MjiWLcyv8Ya+YBNIuEBmYr+NdTyBGG6If7KUm1b6JQKlOKEDR8aM sB1s1K3TU7Qmhpii1PbDgQJ5RZfKJ3ZJKTyHluU97pGmZfY2GsClyJQSD+ZCVgzQvKfq FV0Cjt9Z434pQuKJ8bI4xgDkcKWXIazWjJOaPzOSDGueErTSWHF5qE4AUPo9HygxpXBG SlNJPz0OTH0MpV+VonWBiLRhPGbpoaJz1kCgue75ztziKMgqNS1rZSWTJI7JXo10JBl5 nVxfpGnNSQ93hYR+t7GlLDxUhOeDz2gXTi/NCeAAuxYjcxYSNjv/rdzPT6LVCSLBHmli UTHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=P6djNuwI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p14-20020a17090a74ce00b00234b0c3e853si803433pjl.93.2023.03.10.14.30.43; Fri, 10 Mar 2023 14:30:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=P6djNuwI; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231827AbjCJWQk (ORCPT + 99 others); Fri, 10 Mar 2023 17:16:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46510 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231634AbjCJWQT (ORCPT ); Fri, 10 Mar 2023 17:16:19 -0500 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7C1CC144178; Fri, 10 Mar 2023 14:16:17 -0800 (PST) Received: from pps.filterd (m0246617.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32ALi0Op014913; Fri, 10 Mar 2023 22:15:57 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=uBlMdD7r1eIccZBQ2mT5dGoN2iebPaDSiGe5Dh8nfOk=; b=P6djNuwI1m0QuxDQh9o5r3DwvqepmKuomSKRQm64ltkMc878UZ5ABtAJNDapkNE8Me3U CfHNsC9xb0XmM4ErbJKx6svibahFvBlRruzYftD64Vd/UuacKnFSLRPlHTRSKtszFhMH j+nCoHlJLuED5OjGlSrW+foi9EfPvOsyKb0YVfmfYQgeA5OtxdtP/1xHtdX3BLJtvpcH 1E0RtDEO7jKIU/PUo0LUrpBcbUlyNjj+c3d3ALyF9z394q0FJUywjmRJXN/nj7MU1wjE 7oUqOs5iEZyk9GSh25Hsuc9kefC3Og6udJ6zXNuU7CK5py3fslelFvJlyedu+0S73U23 9A== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p416wxc8v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:56 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 32ALelle031645; Fri, 10 Mar 2023 22:15:56 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3p6feqs9sr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:56 +0000 Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32AMFrOx028711; Fri, 10 Mar 2023 22:15:55 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3p6feqs9nh-3; Fri, 10 Mar 2023 22:15:55 +0000 From: Anjali Kulkarni To: davem@davemloft.net Cc: edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, zbr@ioremap.net, brauner@kernel.org, johannes@sipsolutions.net, ecree.xilinx@gmail.com, leon@kernel.org, keescook@chromium.org, socketcan@hartkopp.net, petrm@nvidia.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, anjali.k.kulkarni@oracle.com Subject: [PATCH v1 2/5] connector/cn_proc: Add filtering to fix some bugs Date: Fri, 10 Mar 2023 14:15:44 -0800 Message-Id: <20230310221547.3656194-3-anjali.k.kulkarni@oracle.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> References: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-10_10,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 suspectscore=0 malwarescore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303100177 X-Proofpoint-GUID: mjOixkxXrRr-Kyi4NpG8a4ICe-efpavc X-Proofpoint-ORIG-GUID: mjOixkxXrRr-Kyi4NpG8a4ICe-efpavc X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760021665803806445?= X-GMAIL-MSGID: =?utf-8?q?1760021665803806445?= One bug is if there are more than one listeners for the proc connector messages, and one of them deregisters for listening using PROC_CN_MCAST_IGNORE, they will still get all proc connector messages, as long as there is another listener. Another issue is if one client calls PROC_CN_MCAST_LISTEN, and another one calls PROC_CN_MCAST_IGNORE, then both will end up not getting any messages. This patch adds filtering and drops packet if client has sent PROC_CN_MCAST_IGNORE. This data is stored in the client socket's sk_user_data. In addition, we only increment or decrement proc_event_num_listeners once per client. This fixes the above issues. Signed-off-by: Anjali Kulkarni --- drivers/connector/cn_proc.c | 53 ++++++++++++++++++++++++++++------- drivers/connector/connector.c | 12 +++++--- drivers/w1/w1_netlink.c | 6 ++-- include/linux/connector.h | 6 +++- include/uapi/linux/cn_proc.h | 43 ++++++++++++++++------------ net/netlink/af_netlink.c | 10 +++++-- 6 files changed, 93 insertions(+), 37 deletions(-) diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index ccac1c453080..84f38d2bd4b9 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c @@ -48,6 +48,21 @@ static DEFINE_PER_CPU(struct local_event, local_event) = { .lock = INIT_LOCAL_LOCK(lock), }; +static int cn_filter(struct sock *dsk, struct sk_buff *skb, void *data) +{ + enum proc_cn_mcast_op mc_op; + + if (!dsk) + return 0; + + mc_op = ((struct proc_input *)(dsk->sk_user_data))->mcast_op; + + if (mc_op == PROC_CN_MCAST_IGNORE) + return 1; + + return 0; +} + static inline void send_msg(struct cn_msg *msg) { local_lock(&local_event.lock); @@ -61,7 +76,8 @@ static inline void send_msg(struct cn_msg *msg) * * If cn_netlink_send() fails, the data is not sent. */ - cn_netlink_send(msg, 0, CN_IDX_PROC, GFP_NOWAIT); + cn_netlink_send_mult(msg, msg->len, 0, CN_IDX_PROC, GFP_NOWAIT, + cn_filter, NULL); local_unlock(&local_event.lock); } @@ -346,11 +362,9 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) static void cn_proc_mcast_ctl(struct cn_msg *msg, struct netlink_skb_parms *nsp) { - enum proc_cn_mcast_op *mc_op = NULL; - int err = 0; - - if (msg->len != sizeof(*mc_op)) - return; + enum proc_cn_mcast_op mc_op = 0, prev_mc_op = 0; + int err = 0, initial = 0; + struct sock *sk = NULL; /* * Events are reported with respect to the initial pid @@ -367,13 +381,32 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, goto out; } - mc_op = (enum proc_cn_mcast_op *)msg->data; - switch (*mc_op) { + if (msg->len == sizeof(mc_op)) + mc_op = *((enum proc_cn_mcast_op *)msg->data); + else + return; + + if (nsp->sk) { + sk = nsp->sk; + if (sk->sk_user_data == NULL) { + sk->sk_user_data = kzalloc(sizeof(struct proc_input), + GFP_KERNEL); + initial = 1; + } else { + prev_mc_op = + ((struct proc_input *)(sk->sk_user_data))->mcast_op; + } + ((struct proc_input *)(sk->sk_user_data))->mcast_op = mc_op; + } + + switch (mc_op) { case PROC_CN_MCAST_LISTEN: - atomic_inc(&proc_event_num_listeners); + if (initial || (prev_mc_op != PROC_CN_MCAST_LISTEN)) + atomic_inc(&proc_event_num_listeners); break; case PROC_CN_MCAST_IGNORE: - atomic_dec(&proc_event_num_listeners); + if (!initial && (prev_mc_op != PROC_CN_MCAST_IGNORE)) + atomic_dec(&proc_event_num_listeners); break; default: err = EINVAL; diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c index 48ec7ce6ecac..1b7851b1aa0f 100644 --- a/drivers/connector/connector.c +++ b/drivers/connector/connector.c @@ -59,7 +59,9 @@ static int cn_already_initialized; * both, or if both are zero then the group is looked up and sent there. */ int cn_netlink_send_mult(struct cn_msg *msg, u16 len, u32 portid, u32 __group, - gfp_t gfp_mask) + gfp_t gfp_mask, + int (*filter)(struct sock *dsk, struct sk_buff *skb, void *data), + void *filter_data) { struct cn_callback_entry *__cbq; unsigned int size; @@ -110,8 +112,9 @@ int cn_netlink_send_mult(struct cn_msg *msg, u16 len, u32 portid, u32 __group, NETLINK_CB(skb).dst_group = group; if (group) - return netlink_broadcast(dev->nls, skb, portid, group, - gfp_mask); + return netlink_broadcast_filtered(dev->nls, skb, portid, group, + gfp_mask, filter, + (void *)filter_data); return netlink_unicast(dev->nls, skb, portid, !gfpflags_allow_blocking(gfp_mask)); } @@ -121,7 +124,8 @@ EXPORT_SYMBOL_GPL(cn_netlink_send_mult); int cn_netlink_send(struct cn_msg *msg, u32 portid, u32 __group, gfp_t gfp_mask) { - return cn_netlink_send_mult(msg, msg->len, portid, __group, gfp_mask); + return cn_netlink_send_mult(msg, msg->len, portid, __group, gfp_mask, + NULL, NULL); } EXPORT_SYMBOL_GPL(cn_netlink_send); diff --git a/drivers/w1/w1_netlink.c b/drivers/w1/w1_netlink.c index db110cc442b1..691978cddab7 100644 --- a/drivers/w1/w1_netlink.c +++ b/drivers/w1/w1_netlink.c @@ -65,7 +65,8 @@ static void w1_unref_block(struct w1_cb_block *block) u16 len = w1_reply_len(block); if (len) { cn_netlink_send_mult(block->first_cn, len, - block->portid, 0, GFP_KERNEL); + block->portid, 0, + GFP_KERNEL, NULL, NULL); } kfree(block); } @@ -83,7 +84,8 @@ static void w1_reply_make_space(struct w1_cb_block *block, u16 space) { u16 len = w1_reply_len(block); if (len + space >= block->maxlen) { - cn_netlink_send_mult(block->first_cn, len, block->portid, 0, GFP_KERNEL); + cn_netlink_send_mult(block->first_cn, len, block->portid, + 0, GFP_KERNEL, NULL, NULL); block->first_cn->len = 0; block->cn = NULL; block->msg = NULL; diff --git a/include/linux/connector.h b/include/linux/connector.h index 487350bb19c3..1336a5e7dd2f 100644 --- a/include/linux/connector.h +++ b/include/linux/connector.h @@ -96,7 +96,11 @@ void cn_del_callback(const struct cb_id *id); * * If there are no listeners for given group %-ESRCH can be returned. */ -int cn_netlink_send_mult(struct cn_msg *msg, u16 len, u32 portid, u32 group, gfp_t gfp_mask); +int cn_netlink_send_mult(struct cn_msg *msg, u16 len, u32 portid, + u32 group, gfp_t gfp_mask, + int (*filter)(struct sock *dsk, struct sk_buff *skb, + void *data), + void *filter_data); /** * cn_netlink_send - Sends message to the specified groups. diff --git a/include/uapi/linux/cn_proc.h b/include/uapi/linux/cn_proc.h index db210625cee8..6a06fb424313 100644 --- a/include/uapi/linux/cn_proc.h +++ b/include/uapi/linux/cn_proc.h @@ -30,6 +30,30 @@ enum proc_cn_mcast_op { PROC_CN_MCAST_IGNORE = 2 }; +enum proc_cn_event { + /* Use successive bits so the enums can be used to record + * sets of events as well + */ + PROC_EVENT_NONE = 0x00000000, + PROC_EVENT_FORK = 0x00000001, + PROC_EVENT_EXEC = 0x00000002, + PROC_EVENT_UID = 0x00000004, + PROC_EVENT_GID = 0x00000040, + PROC_EVENT_SID = 0x00000080, + PROC_EVENT_PTRACE = 0x00000100, + PROC_EVENT_COMM = 0x00000200, + /* "next" should be 0x00000400 */ + /* "last" is the last process event: exit, + * while "next to last" is coredumping event + */ + PROC_EVENT_COREDUMP = 0x40000000, + PROC_EVENT_EXIT = 0x80000000 +}; + +struct proc_input { + enum proc_cn_mcast_op mcast_op; +}; + /* * From the user's point of view, the process * ID is the thread group ID and thread ID is the internal @@ -44,24 +68,7 @@ enum proc_cn_mcast_op { */ struct proc_event { - enum what { - /* Use successive bits so the enums can be used to record - * sets of events as well - */ - PROC_EVENT_NONE = 0x00000000, - PROC_EVENT_FORK = 0x00000001, - PROC_EVENT_EXEC = 0x00000002, - PROC_EVENT_UID = 0x00000004, - PROC_EVENT_GID = 0x00000040, - PROC_EVENT_SID = 0x00000080, - PROC_EVENT_PTRACE = 0x00000100, - PROC_EVENT_COMM = 0x00000200, - /* "next" should be 0x00000400 */ - /* "last" is the last process event: exit, - * while "next to last" is coredumping event */ - PROC_EVENT_COREDUMP = 0x40000000, - PROC_EVENT_EXIT = 0x80000000 - } what; + enum proc_cn_event what; __u32 cpu; __u64 __attribute__((aligned(8))) timestamp_ns; /* Number of nano seconds since system boot */ diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 003c7e6ec9be..b311375b8c4c 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -63,6 +63,7 @@ #include #include #include +#include #include #include @@ -767,9 +768,14 @@ static int netlink_release(struct socket *sock) /* must not acquire netlink_table_lock in any way again before unbind * and notifying genetlink is done as otherwise it might deadlock */ - if (nlk->netlink_unbind) { + if (nlk->netlink_unbind && nlk->groups) { int i; - + if (sk->sk_protocol == NETLINK_CONNECTOR) { + if (test_bit(CN_IDX_PROC - 1, nlk->groups)) { + kfree(sk->sk_user_data); + sk->sk_user_data = NULL; + } + } for (i = 0; i < nlk->ngroups; i++) if (test_bit(i, nlk->groups)) nlk->netlink_unbind(sock_net(sk), i + 1); From patchwork Fri Mar 10 22:15:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anjali Kulkarni X-Patchwork-Id: 67817 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp4214wrd; Fri, 10 Mar 2023 14:39:06 -0800 (PST) X-Google-Smtp-Source: AK7set9x7327wA9xe4Az/sDKX/3LZ6HUGQGUVPf/hQc+DkOvMhThj2AyMXUq61dtPahmh/cFC3jm X-Received: by 2002:aa7:9595:0:b0:5a9:d1b4:252d with SMTP id z21-20020aa79595000000b005a9d1b4252dmr22460035pfj.26.1678487946054; Fri, 10 Mar 2023 14:39:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678487946; cv=none; d=google.com; s=arc-20160816; b=C1TMR25xy/3OR3p9qhHOIbjF4QI1tEZXnQpEz6s/8PSU/JUIcIWezY1wRm+JATol5Z mDfGY+vq8T8LqQdSFIXUQXZF22USIoidAUsv2+NYunAVOyJpuC0LOShKLoc1Eb7m9mQO EzW0oRPhr3YAsLgCZtliXlgHPJrnjveoe4zkFmQGU6TmkgkpTxwn9HgrsktmrNl/I1ft Obkdl4akiLJ8+ToYb/5yqz8oEngy2D8p0fZPMldgKlmZeJWPr2aEB1/4pSBkFvf36ElX u1+DPkhR60PHnpuGu1NjNoOy7trDkNfW7MbLgM7ctHhH2qMHqHOauHSFsuf3pVtNu3qv o0Gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=qNitOfdyftQUtr/OK4KHEeLFBABIkHQ2N6q3MIkFuhs=; b=BSIRP031D/pKzGT0itH1tsQziJ6sAVLqdn+zahSzFwb8IMmUgE6okPViokSBvvSjh3 dyy9cibhzPrdxP18UBUWpJ8Y1JSNrTuvPWvTS0rj4z+IjygJWVv6875ChjzEOJpon/i7 yCSlZJIkoBI4MBJ04oMajvxQ6xF3YMBdqiG5wETb0WYHFjadnCyVQBkXXzkQSXnzel/I thFioinlqEZbyvMCWMuBWuz/QFFUXgBA3wajSKjBx6sd63+YCAfA4gjkiqM+Rm0E/Iar z9PyE0tPJ8jAyFsn5BMmMeQYSarhjrfSLbUaSchT91VBGz8YKVtbjgARq9iFL1jzA0e4 xLCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=F7gUrThl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k8-20020aa79d08000000b005a8ee167e52si637032pfp.325.2023.03.10.14.38.50; Fri, 10 Mar 2023 14:39:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=F7gUrThl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231657AbjCJWQW (ORCPT + 99 others); Fri, 10 Mar 2023 17:16:22 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46366 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231495AbjCJWQQ (ORCPT ); Fri, 10 Mar 2023 17:16:16 -0500 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BA4B513F54B; Fri, 10 Mar 2023 14:16:14 -0800 (PST) Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32ALhxT1026800; Fri, 10 Mar 2023 22:15:58 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=qNitOfdyftQUtr/OK4KHEeLFBABIkHQ2N6q3MIkFuhs=; b=F7gUrThlexIh/9AAwj4bMKQZ3L+1mQkaQVUqKoqTOtNTd0K8O764s0Obu8+cCCOuWE4i iX78MMFH9+qBYYtIeKdGVhf8ytDZYzHqogXFqSEMEEpAxZ5QnJ8gsKO+EC66NTslGObg hvjfLxZsOl0Q97PTzVtBUcRlgNnMik6eVNrIymfQvS4yhctkAju96dvSOWQI6AgXCNY/ mH7HrvakLfD1VpO1jS8aBabX8rC4rI3Ra48LV8SiRDG3oMa8qbU8Z+C66XdGrm5PtwVb Jej3FoKjZZR3cnPtYaKEQDTsvym0kVAWL2bL9NzIJ3Z7P8H61/uAeXUt1M99ZXtbF0pr jw== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p417cp9hw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:58 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 32AM3Xxu031713; Fri, 10 Mar 2023 22:15:57 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3p6feqs9t9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:57 +0000 Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32AMFrP1028711; Fri, 10 Mar 2023 22:15:56 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3p6feqs9nh-4; Fri, 10 Mar 2023 22:15:56 +0000 From: Anjali Kulkarni To: davem@davemloft.net Cc: edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, zbr@ioremap.net, brauner@kernel.org, johannes@sipsolutions.net, ecree.xilinx@gmail.com, leon@kernel.org, keescook@chromium.org, socketcan@hartkopp.net, petrm@nvidia.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, anjali.k.kulkarni@oracle.com Subject: [PATCH v1 3/5] connector/cn_proc: Test code for proc connector Date: Fri, 10 Mar 2023 14:15:45 -0800 Message-Id: <20230310221547.3656194-4-anjali.k.kulkarni@oracle.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> References: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-10_10,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 suspectscore=0 malwarescore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303100177 X-Proofpoint-GUID: 0T6jrbKdKirA9gnVy04BivXvtHhUm9BP X-Proofpoint-ORIG-GUID: 0T6jrbKdKirA9gnVy04BivXvtHhUm9BP X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760022176257526488?= X-GMAIL-MSGID: =?utf-8?q?1760022176257526488?= Test code for proc connector. Signed-off-by: Anjali Kulkarni --- samples/connector/proc_filter.c | 262 ++++++++++++++++++++++++++++++++ 1 file changed, 262 insertions(+) create mode 100644 samples/connector/proc_filter.c diff --git a/samples/connector/proc_filter.c b/samples/connector/proc_filter.c new file mode 100644 index 000000000000..25202f5bc126 --- /dev/null +++ b/samples/connector/proc_filter.c @@ -0,0 +1,262 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#define NL_MESSAGE_SIZE (sizeof(struct nlmsghdr) + sizeof(struct cn_msg) + \ + sizeof(int)) + +#define MAX_EVENTS 1 + +#ifdef ENABLE_PRINTS +#define Printf printf +#else +#define Printf +#endif + +volatile static int interrupted; +static int nl_sock, ret_errno, tcount; +static struct epoll_event evn; + +int send_message(enum proc_cn_mcast_op mcast_op) +{ + char buff[NL_MESSAGE_SIZE]; + struct nlmsghdr *hdr; + struct cn_msg *msg; + + hdr = (struct nlmsghdr *)buff; + hdr->nlmsg_len = NL_MESSAGE_SIZE; + hdr->nlmsg_type = NLMSG_DONE; + hdr->nlmsg_flags = 0; + hdr->nlmsg_seq = 0; + hdr->nlmsg_pid = getpid(); + + msg = (struct cn_msg *)NLMSG_DATA(hdr); + msg->id.idx = CN_IDX_PROC; + msg->id.val = CN_VAL_PROC; + msg->seq = 0; + msg->ack = 0; + msg->flags = 0; + + msg->len = sizeof(int); + *(int *)msg->data = mcast_op; + + if (send(nl_sock, hdr, hdr->nlmsg_len, 0) == -1) { + ret_errno = errno; + perror("send failed"); + return -3; + } + return 0; +} + +int register_proc_netlink(int *efd, enum proc_cn_mcast_op mcast_op) +{ + struct sockaddr_nl sa_nl; + int err = 0, epoll_fd; + + nl_sock = socket(PF_NETLINK, SOCK_DGRAM, NETLINK_CONNECTOR); + + if (nl_sock == -1) { + ret_errno = errno; + perror("socket failed"); + return -1; + } + + bzero(&sa_nl, sizeof(sa_nl)); + sa_nl.nl_family = AF_NETLINK; + sa_nl.nl_groups = CN_IDX_PROC; + sa_nl.nl_pid = getpid(); + + if (bind(nl_sock, (struct sockaddr *)&sa_nl, sizeof(sa_nl)) == -1) { + ret_errno = errno; + perror("bind failed"); + return -2; + } + + epoll_fd = epoll_create1(EPOLL_CLOEXEC); + if (epoll_fd < 0) { + ret_errno = errno; + perror("epoll_create1 failed"); + return -2; + } + + err = send_message(mcast_op); + if (err < 0) + return err; + + evn.events = EPOLLIN; + evn.data.fd = nl_sock; + if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, nl_sock, &evn) < 0) { + ret_errno = errno; + perror("epoll_ctl failed"); + return -3; + } + *efd = epoll_fd; + return 0; +} + +static void sigint(__attribute__((__always_unused)) int sig) +{ + interrupted = 1; +} + +int handle_packet(char *buff, int fd, struct proc_event *event) +{ + struct nlmsghdr *hdr; + + hdr = (struct nlmsghdr *)buff; + + if (hdr->nlmsg_type == NLMSG_ERROR) { + perror("NLMSG_ERROR error\n"); + return -3; + } else if (hdr->nlmsg_type == NLMSG_DONE) { + event = (struct proc_event *) + ((struct cn_msg *)NLMSG_DATA(hdr))->data; + tcount++; + switch (event->what) { + case PROC_EVENT_EXIT: + Printf("Exit process %d (tgid %d) with code %d, signal %d\n", + event->event_data.exit.process_pid, + event->event_data.exit.process_tgid, + event->event_data.exit.exit_code, + event->event_data.exit.exit_signal); + break; + case PROC_EVENT_FORK: + Printf("Fork process %d (tgid %d), parent %d (tgid %d)\n", + event->event_data.fork.child_pid, + event->event_data.fork.child_tgid, + event->event_data.fork.parent_pid, + event->event_data.fork.parent_tgid); + break; + case PROC_EVENT_EXEC: + Printf("Exec process %d (tgid %d)\n", + event->event_data.exec.process_pid, + event->event_data.exec.process_tgid); + break; + case PROC_EVENT_UID: + Printf("UID process %d (tgid %d) uid %d euid %d\n", + event->event_data.id.process_pid, + event->event_data.id.process_tgid, + event->event_data.id.r.ruid, + event->event_data.id.e.euid); + break; + case PROC_EVENT_GID: + Printf("GID process %d (tgid %d) gid %d egid %d\n", + event->event_data.id.process_pid, + event->event_data.id.process_tgid, + event->event_data.id.r.rgid, + event->event_data.id.e.egid); + break; + case PROC_EVENT_SID: + Printf("SID process %d (tgid %d)\n", + event->event_data.sid.process_pid, + event->event_data.sid.process_tgid); + break; + case PROC_EVENT_PTRACE: + Printf("Ptrace process %d (tgid %d), Tracer %d (tgid %d)\n", + event->event_data.ptrace.process_pid, + event->event_data.ptrace.process_tgid, + event->event_data.ptrace.tracer_pid, + event->event_data.ptrace.tracer_tgid); + break; + case PROC_EVENT_COMM: + Printf("Comm process %d (tgid %d) comm %s\n", + event->event_data.comm.process_pid, + event->event_data.comm.process_tgid, + event->event_data.comm.comm); + break; + case PROC_EVENT_COREDUMP: + Printf("Coredump process %d (tgid %d) parent %d, (tgid %d)\n", + event->event_data.coredump.process_pid, + event->event_data.coredump.process_tgid, + event->event_data.coredump.parent_pid, + event->event_data.coredump.parent_tgid); + break; + default: + break; + } + } + return 0; +} + +int handle_events(int epoll_fd, struct proc_event *pev) +{ + char buff[CONNECTOR_MAX_MSG_SIZE]; + struct epoll_event ev[MAX_EVENTS]; + int i, event_count = 0, err = 0; + + event_count = epoll_wait(epoll_fd, ev, MAX_EVENTS, -1); + if (event_count < 0) { + ret_errno = errno; + if (ret_errno != EINTR) + perror("epoll_wait failed"); + return -3; + } + for (i = 0; i < event_count; i++) { + if (!(ev[i].events & EPOLLIN)) + continue; + if (recv(ev[i].data.fd, buff, sizeof(buff), 0) == -1) { + ret_errno = errno; + perror("recv failed"); + return -3; + } + err = handle_packet(buff, ev[i].data.fd, pev); + if (err < 0) + return err; + } + return 0; +} + +int main(int argc, char *argv[]) +{ + int epoll_fd, err; + struct proc_event proc_ev; + + signal(SIGINT, sigint); + + err = register_proc_netlink(&epoll_fd, PROC_CN_MCAST_LISTEN); + if (err < 0) { + if (err == -2) + close(nl_sock); + if (err == -3) { + close(nl_sock); + close(epoll_fd); + } + exit(1); + } + + while (!interrupted) { + err = handle_events(epoll_fd, &proc_ev); + if (err < 0) { + if (ret_errno == EINTR) + continue; + if (err == -2) + close(nl_sock); + if (err == -3) { + close(nl_sock); + close(epoll_fd); + } + exit(1); + } + } + + send_message(PROC_CN_MCAST_IGNORE); + + close(epoll_fd); + close(nl_sock); + + printf("Done total count: %d\n", tcount); + exit(0); +} From patchwork Fri Mar 10 22:15:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anjali Kulkarni X-Patchwork-Id: 67813 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp4019wrd; Fri, 10 Mar 2023 14:38:34 -0800 (PST) X-Google-Smtp-Source: AK7set/Pd+NBLxKenQIZRK83GZG6ROjumWVCy4Ge+iDcAqnZFJWL8OgvpO2fnWi3Q3jY8zz8JPNS X-Received: by 2002:a05:6a21:329d:b0:cd:7d01:7671 with SMTP id yt29-20020a056a21329d00b000cd7d017671mr8292963pzb.22.1678487913955; Fri, 10 Mar 2023 14:38:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678487913; cv=none; d=google.com; s=arc-20160816; b=K+SBEN7BNF7M9maVxX1sUU3vjLF76QPxA5N6n45yktNX0bx1JN5SxTzLW7+toEUjHi v34K/F4UKRmNPzJ1pPlD7OOAGRXfkLyMUOPlm9dcYO3VMtSmekTjrLWuHH2KuXwIT4cC 5ePCkBisSXbmAI6BJBrSZFsbCvsCS7x4km4fz493r9cKc1UeS5o4HBk3p1mN9RipCA4R rPpFPku+y7EBhIPrTR+Mv6vRNEAcO5W4y7+uxM1CuG0p2sAe+QpZF07virGsUN++U1e8 q0+1JQ/jDEXnA5jf2ExmRA4AzJH4r1zOI9CyeqO6FNRuWOM85L4y3qyqUUQ4bLaO2wBM BNCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ypj3LZpaUEhvKq+LBBjXBZ9woTF6MaJioqO/9Jg/ZvY=; b=WhphNDfmOV+7YH+C6M6k+/8qs9MxP0P4uLIRr+xAfKOb0dtcWudcxousNCf4g4YZ+W mxka5VZ/M/LlkDZqUmuDeHncuPabT2c4VDE05VrJWeXtTETaqcEVCT/KtMvVlkUwSB9N bL+CwlSdRNH+LC/CriST7BGNT4hOrCng2ABvmlLL26RbfDMbrsMxaQ9GU3PVFp9HDfnD zqXTQZNkxZstw+R8VcRxDK/erymt9prHtcV2W8Ao90OGQvwOwFUU83mOznVRYjYUoxLr v3O5gu3Jy/p0Z0fiRMHGKyOp7ZRezIU4Wt9p+Q2WJdUQGdHWJ1svFDI3QpCsrj5FIXTt ODwg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=qRlMRLRe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q3-20020a63d603000000b00502f9ffb8bbsi787228pgg.297.2023.03.10.14.38.18; Fri, 10 Mar 2023 14:38:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=qRlMRLRe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231787AbjCJWQb (ORCPT + 99 others); Fri, 10 Mar 2023 17:16:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231511AbjCJWQR (ORCPT ); Fri, 10 Mar 2023 17:16:17 -0500 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 32DCE13F559; Fri, 10 Mar 2023 14:16:15 -0800 (PST) Received: from pps.filterd (m0333520.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32ALhqcu029130; Fri, 10 Mar 2023 22:15:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=ypj3LZpaUEhvKq+LBBjXBZ9woTF6MaJioqO/9Jg/ZvY=; b=qRlMRLReg8sAL4yfs6I9XoggL+490xRr/2WxuY4gLC0Yik/UNRvV+0o0einYDyJ5key8 XOI2QhcTvlulYNh3127qvQ6JRmvau+Pckk5lELsmJNEn6ey5dIprRUx22FE5QjY2o6mH AZ9JpLTAq2lJqpXBGgAoVNMd5iBYbuw32fXeX0oa4HrWc9eqwjMqhk08TH/u2oOk7vvR Lw4Dq2eDQQRWR1skaibt0MJAWO5Ev7o7nyE2X2zeeG7VB0Y0t9kXVsJ7peyvgZEpEHgV IbIuTgQO4t+OZazdkXZwJg7WMCiGaM2ADwkKwT5rI9gRZyxtgmClTvr/hEFpzm/4rQQP fQ== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p415j6e1j-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:58 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 32AM171E031512; Fri, 10 Mar 2023 22:15:57 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3p6feqs9tn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:57 +0000 Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32AMFrP3028711; Fri, 10 Mar 2023 22:15:57 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3p6feqs9nh-5; Fri, 10 Mar 2023 22:15:57 +0000 From: Anjali Kulkarni To: davem@davemloft.net Cc: edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, zbr@ioremap.net, brauner@kernel.org, johannes@sipsolutions.net, ecree.xilinx@gmail.com, leon@kernel.org, keescook@chromium.org, socketcan@hartkopp.net, petrm@nvidia.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, anjali.k.kulkarni@oracle.com Subject: [PATCH v1 4/5] connector/cn_proc: Allow non-root users access Date: Fri, 10 Mar 2023 14:15:46 -0800 Message-Id: <20230310221547.3656194-5-anjali.k.kulkarni@oracle.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> References: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-10_10,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 suspectscore=0 malwarescore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303100177 X-Proofpoint-GUID: 18CqOHN4I79nNDFsZo9-0PNpUfCloFI7 X-Proofpoint-ORIG-GUID: 18CqOHN4I79nNDFsZo9-0PNpUfCloFI7 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760022142449409189?= X-GMAIL-MSGID: =?utf-8?q?1760022142449409189?= There were a couple of reasons for not allowing non-root users access initially - one is there was some point no proper receive buffer management in place for netlink multicast. But that should be long fixed. See link below for more context. Second is that some of the messages may contain data that is root only. But this should be handled with a finer granularity, which is being done at the protocol layer. The only problematic protocols are nf_queue and the firewall netlink. Hence, this restriction for non-root access was relaxed for NETLINK_ROUTE initially: https://lore.kernel.org/all/20020612013101.A22399@wotan.suse.de/ This restriction has also been removed for following protocols: NETLINK_KOBJECT_UEVENT, NETLINK_AUDIT, NETLINK_SOCK_DIAG, NETLINK_GENERIC, NETLINK_SELINUX. Since process connector messages are not sensitive (process fork, exit notifications etc.), and anyone can read /proc data, we can allow non-root access here. However, since process event notification is not the only consumer of NETWORK_CONNECTOR, we can make this change even more fine grained than the protocol level, by checking for multicast group within the protocol. Added a new function netlink_multicast_allowed(), which checks if the protocol is NETWORK_CONNECTOR, and if multicast group is CN_IDX_PROC (process event notification) - if so, then allow non-root acceess. For other multicast groups of NETWORK_CONNECTOR, do not allow non-root access. Reason we need this change is we cannot run our DB application as root. Signed-off-by: Anjali Kulkarni --- drivers/connector/cn_proc.c | 7 ------- net/netlink/af_netlink.c | 13 ++++++++++++- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 84f38d2bd4b9..4ff7f8635a6b 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c @@ -375,12 +375,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, !task_is_in_init_pid_ns(current)) return; - /* Can only change if privileged. */ - if (!__netlink_ns_capable(nsp, &init_user_ns, CAP_NET_ADMIN)) { - err = EPERM; - goto out; - } - if (msg->len == sizeof(mc_op)) mc_op = *((enum proc_cn_mcast_op *)msg->data); else @@ -413,7 +407,6 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, break; } -out: cn_proc_ack(err, msg->seq, msg->ack); } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index b311375b8c4c..ae30ec678ad9 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -939,6 +939,16 @@ bool netlink_net_capable(const struct sk_buff *skb, int cap) } EXPORT_SYMBOL(netlink_net_capable); +static inline bool netlink_multicast_allowed(const struct socket *sock, + unsigned long groups) +{ + if (sock->sk->sk_protocol == NETLINK_CONNECTOR) { + if (test_bit(CN_IDX_PROC - 1, &groups)) + return true; + } + return false; +} + static inline int netlink_allowed(const struct socket *sock, unsigned int flag) { return (nl_table[sock->sk->sk_protocol].flags & flag) || @@ -1025,7 +1035,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, /* Only superuser is allowed to listen multicasts */ if (groups) { if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV)) - return -EPERM; + if (!netlink_multicast_allowed(sock, groups)) + return -EPERM; err = netlink_realloc_groups(sk); if (err) return err; From patchwork Fri Mar 10 22:15:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anjali Kulkarni X-Patchwork-Id: 67788 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp1018wrd; Fri, 10 Mar 2023 14:30:35 -0800 (PST) X-Google-Smtp-Source: AK7set9lUU7UTD04pMcSbK123gOroQhOahDztpZDTpS3GqrrdrnjTVO+tj20B14NAGGnBnH8GCF6 X-Received: by 2002:a05:6a20:1585:b0:cc:32aa:8570 with SMTP id h5-20020a056a20158500b000cc32aa8570mr29606186pzj.14.1678487435441; Fri, 10 Mar 2023 14:30:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678487435; cv=none; d=google.com; s=arc-20160816; b=jdW7x66l7NxJbznKSIDLO4nTCWf9hXMe1eDJoKpPm0Vgl0ATEL4FnEN6wEdwyTH57T PFBE1huMTNh+NDRkK+n10HhIvODCt8zdRl9ke8RUk+40/vkfE6lkuWn0a7NkwJUk/J2x E9VTrOB4p3bnMH0YkibCUiZdXZwAf4MaegMTMjbUoVlYAWBmCGPbsUcR9lTuN7rHyone TBTIQ3bdQZipd2LY+qVwR9SshcAKXE1sd5w09DnayUf6+O38J04RlEd5de5SpT7R7H2N xXnhwHcXso8JpKBubCJ+ZRDoCp4Hh9YHCjiU2qr9XA0BmZ94GNxR3pcsNXYmtAEijNuo vQtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=nPbZuBS5NeAZwZIYE9GH/wXh/ICusYWzdpWcXbhpXA0=; b=lSOTANCQtpPbEOKzEz1DM8218Sjh2Q9cx42VCMI9ZlqeGdWrDBGrtLDlZIhvpWXOg9 8xTBTkUV1lQfVudeCN+NQLqJnDR5w94ZvKDA1goXWClB5kV8hNpeXp7FKU9uJYvx8y7j JCz6L2cEvWZWdW4gMRvALFyun1LrKOeaM17m7uvfE2vgaS/e5uWKptx9jFB2GjZPqibe 0BPQQP26XI5srhvvKZYrsP1Q4Teg5Kn7gS0QStxAoDL39j4NxucrEZvdehOI96o6yO+D 39XXsNliaM6cswcDJQCJ+QF+sB7WoKUMp5Wtqri2dyVtxOKrZaLj5KoIyOMsX3v+5iEA IivQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b="dk/xgKDO"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r3-20020a635d03000000b00503a2ab161dsi759418pgb.534.2023.03.10.14.30.20; Fri, 10 Mar 2023 14:30:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b="dk/xgKDO"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231808AbjCJWQf (ORCPT + 99 others); Fri, 10 Mar 2023 17:16:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46504 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231631AbjCJWQT (ORCPT ); Fri, 10 Mar 2023 17:16:19 -0500 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C82314416C; Fri, 10 Mar 2023 14:16:16 -0800 (PST) Received: from pps.filterd (m0246631.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 32ALhqR5012735; Fri, 10 Mar 2023 22:15:59 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=corp-2022-7-12; bh=nPbZuBS5NeAZwZIYE9GH/wXh/ICusYWzdpWcXbhpXA0=; b=dk/xgKDOEpgiE6AU/CKLr2Oil6bok5GMvgH00J5yaQ5e9NPfwd6KZlkrY+GOAhZVp8si zNv/XZHvwkcSWpqZoB5w9w0bQTCku1EiD2ICpnEn+8ibWOOHCeJh6CieATEkQMy6ArYV EW+Zw/2Aupin6Xc24g+NFLlcQBH1relQ5c2mN0j3dVdHSSczOu40zLlTwCRZ8MOov2T3 L0Ya7lC6t/zlqjBpJD+6y5O4wWfGC1/pi3g4DShx4z2PN8tYJpGETLAq1UqbTRMmhUwz EFJ5fV5XMOgADL83fs4WYGWW9IfBkYcue69osFc4LMPwR2lK0rgEx32un6qeZhcalvhU aw== Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.appoci.oracle.com [138.1.114.2]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3p7v3w20tx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:59 +0000 Received: from pps.filterd (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 32ALuYWx031530; Fri, 10 Mar 2023 22:15:58 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3p6feqs9u3-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 10 Mar 2023 22:15:58 +0000 Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 32AMFrP5028711; Fri, 10 Mar 2023 22:15:58 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3p6feqs9nh-6; Fri, 10 Mar 2023 22:15:57 +0000 From: Anjali Kulkarni To: davem@davemloft.net Cc: edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, zbr@ioremap.net, brauner@kernel.org, johannes@sipsolutions.net, ecree.xilinx@gmail.com, leon@kernel.org, keescook@chromium.org, socketcan@hartkopp.net, petrm@nvidia.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, anjali.k.kulkarni@oracle.com Subject: [PATCH v1 5/5] connector/cn_proc: Performance improvements Date: Fri, 10 Mar 2023 14:15:47 -0800 Message-Id: <20230310221547.3656194-6-anjali.k.kulkarni@oracle.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> References: <20230310221547.3656194-1-anjali.k.kulkarni@oracle.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-03-10_10,2023-03-10_01,2023-02-09_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 suspectscore=0 malwarescore=0 mlxscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303100177 X-Proofpoint-ORIG-GUID: y5W-HXhi_CaCHmr8-5phMF9JbVxad0L8 X-Proofpoint-GUID: y5W-HXhi_CaCHmr8-5phMF9JbVxad0L8 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760021640994867382?= X-GMAIL-MSGID: =?utf-8?q?1760021640994867382?= This patch adds the capability to filter messages sent by the proc connector on the event type supplied in the message from the client to the connector. The client can register to listen for an event type given in struct proc_input. The event type supplied by client is stored in the client socket's sk_user_data field, along with the multicast LISTEN or IGNORE message. cn_filter function checks to see if the event type being notified via proc connector matches the event type requested by client, before sending(matches) or dropping(does not match) a packet. The patch takes care that existing clients using old mechanism of not sending the event type work without any changes. We also add a new event PROC_EVENT_NONZERO_EXIT, which is only sent by kernel to a listening application when any process exiting has a non-zero exit status. The proc_filter.c test file is updated to reflect the new filtering. Signed-off-by: Anjali Kulkarni --- drivers/connector/cn_proc.c | 59 +++++++++++++++++++++++++++++---- include/uapi/linux/cn_proc.h | 19 +++++++++++ samples/connector/proc_filter.c | 47 +++++++++++++++++++++++--- 3 files changed, 115 insertions(+), 10 deletions(-) diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c index 4ff7f8635a6b..5dcdf788202b 100644 --- a/drivers/connector/cn_proc.c +++ b/drivers/connector/cn_proc.c @@ -50,21 +50,44 @@ static DEFINE_PER_CPU(struct local_event, local_event) = { static int cn_filter(struct sock *dsk, struct sk_buff *skb, void *data) { + uintptr_t val; + __u32 what, exit_code, *ptr; enum proc_cn_mcast_op mc_op; - if (!dsk) + if (!dsk || !data) return 0; + ptr = (__u32 *)data; + what = *ptr++; + exit_code = *ptr; + val = ((struct proc_input *)(dsk->sk_user_data))->event_type; mc_op = ((struct proc_input *)(dsk->sk_user_data))->mcast_op; if (mc_op == PROC_CN_MCAST_IGNORE) return 1; - return 0; + if ((__u32)val == PROC_EVENT_ALL) + return 0; + /* + * Drop packet if we have to report only non-zero exit status + * (PROC_EVENT_NONZERO_EXIT) and exit status is 0 + */ + if (((__u32)val & PROC_EVENT_NONZERO_EXIT) && + (what == PROC_EVENT_EXIT)) { + if (exit_code) + return 0; + else + return 1; + } + if ((__u32)val & what) + return 0; + return 1; } static inline void send_msg(struct cn_msg *msg) { + __u32 filter_data[2]; + local_lock(&local_event.lock); msg->seq = __this_cpu_inc_return(local_event.count) - 1; @@ -76,8 +99,15 @@ static inline void send_msg(struct cn_msg *msg) * * If cn_netlink_send() fails, the data is not sent. */ + filter_data[0] = ((struct proc_event *)msg->data)->what; + if (filter_data[0] == PROC_EVENT_EXIT) { + filter_data[1] = + ((struct proc_event *)msg->data)->event_data.exit.exit_code; + } else { + filter_data[1] = 0; + } cn_netlink_send_mult(msg, msg->len, 0, CN_IDX_PROC, GFP_NOWAIT, - cn_filter, NULL); + cn_filter, (void *)filter_data); local_unlock(&local_event.lock); } @@ -357,12 +387,15 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack) /** * cn_proc_mcast_ctl - * @data: message sent from userspace via the connector + * @msg: message sent from userspace via the connector + * @nsp: NETLINK_CB of the client's socket buffer */ static void cn_proc_mcast_ctl(struct cn_msg *msg, struct netlink_skb_parms *nsp) { enum proc_cn_mcast_op mc_op = 0, prev_mc_op = 0; + struct proc_input *pinput = NULL; + enum proc_cn_event ev_type = 0; int err = 0, initial = 0; struct sock *sk = NULL; @@ -375,11 +408,21 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, !task_is_in_init_pid_ns(current)) return; - if (msg->len == sizeof(mc_op)) + if (msg->len == sizeof(*pinput)) { + pinput = (struct proc_input *)msg->data; + mc_op = pinput->mcast_op; + ev_type = pinput->event_type; + } else if (msg->len == sizeof(mc_op)) { mc_op = *((enum proc_cn_mcast_op *)msg->data); - else + ev_type = PROC_EVENT_ALL; + } else return; + ev_type = valid_event((enum proc_cn_event)ev_type); + + if (ev_type == PROC_EVENT_NONE) + ev_type = PROC_EVENT_ALL; + if (nsp->sk) { sk = nsp->sk; if (sk->sk_user_data == NULL) { @@ -390,6 +433,8 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, prev_mc_op = ((struct proc_input *)(sk->sk_user_data))->mcast_op; } + ((struct proc_input *)(sk->sk_user_data))->event_type = + ev_type; ((struct proc_input *)(sk->sk_user_data))->mcast_op = mc_op; } @@ -401,6 +446,8 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, case PROC_CN_MCAST_IGNORE: if (!initial && (prev_mc_op != PROC_CN_MCAST_IGNORE)) atomic_dec(&proc_event_num_listeners); + ((struct proc_input *)(sk->sk_user_data))->event_type = + PROC_EVENT_NONE; break; default: err = EINVAL; diff --git a/include/uapi/linux/cn_proc.h b/include/uapi/linux/cn_proc.h index 6a06fb424313..f2afb7cc4926 100644 --- a/include/uapi/linux/cn_proc.h +++ b/include/uapi/linux/cn_proc.h @@ -30,6 +30,15 @@ enum proc_cn_mcast_op { PROC_CN_MCAST_IGNORE = 2 }; +#define PROC_EVENT_ALL (PROC_EVENT_FORK | PROC_EVENT_EXEC | PROC_EVENT_UID | \ + PROC_EVENT_GID | PROC_EVENT_SID | PROC_EVENT_PTRACE | \ + PROC_EVENT_COMM | PROC_EVENT_NONZERO_EXIT | \ + PROC_EVENT_COREDUMP | PROC_EVENT_EXIT) + +/* + * If you add an entry in proc_cn_event, make sure you add it in + * PROC_EVENT_ALL above as well. + */ enum proc_cn_event { /* Use successive bits so the enums can be used to record * sets of events as well @@ -45,15 +54,25 @@ enum proc_cn_event { /* "next" should be 0x00000400 */ /* "last" is the last process event: exit, * while "next to last" is coredumping event + * before that is report only if process dies + * with non-zero exit status */ + PROC_EVENT_NONZERO_EXIT = 0x20000000, PROC_EVENT_COREDUMP = 0x40000000, PROC_EVENT_EXIT = 0x80000000 }; struct proc_input { enum proc_cn_mcast_op mcast_op; + enum proc_cn_event event_type; }; +static inline enum proc_cn_event valid_event(enum proc_cn_event ev_type) +{ + ev_type &= PROC_EVENT_ALL; + return ev_type; +} + /* * From the user's point of view, the process * ID is the thread group ID and thread ID is the internal diff --git a/samples/connector/proc_filter.c b/samples/connector/proc_filter.c index 25202f5bc126..63504fc5f002 100644 --- a/samples/connector/proc_filter.c +++ b/samples/connector/proc_filter.c @@ -15,22 +15,33 @@ #include #include +#define FILTER + +#ifdef FILTER +#define NL_MESSAGE_SIZE (sizeof(struct nlmsghdr) + sizeof(struct cn_msg) + \ + sizeof(struct proc_input)) +#else #define NL_MESSAGE_SIZE (sizeof(struct nlmsghdr) + sizeof(struct cn_msg) + \ sizeof(int)) +#endif #define MAX_EVENTS 1 +volatile static int interrupted; +static int nl_sock, ret_errno, tcount; +static struct epoll_event evn; + #ifdef ENABLE_PRINTS #define Printf printf #else #define Printf #endif -volatile static int interrupted; -static int nl_sock, ret_errno, tcount; -static struct epoll_event evn; - +#ifdef FILTER +int send_message(struct proc_input *pinp) +#else int send_message(enum proc_cn_mcast_op mcast_op) +#endif { char buff[NL_MESSAGE_SIZE]; struct nlmsghdr *hdr; @@ -50,8 +61,14 @@ int send_message(enum proc_cn_mcast_op mcast_op) msg->ack = 0; msg->flags = 0; +#ifdef FILTER + msg->len = sizeof(struct proc_input); + ((struct proc_input *)msg->data)->mcast_op = pinp->mcast_op; + ((struct proc_input *)msg->data)->event_type = pinp->event_type; +#else msg->len = sizeof(int); *(int *)msg->data = mcast_op; +#endif if (send(nl_sock, hdr, hdr->nlmsg_len, 0) == -1) { ret_errno = errno; @@ -61,7 +78,11 @@ int send_message(enum proc_cn_mcast_op mcast_op) return 0; } +#ifdef FILTER +int register_proc_netlink(int *efd, struct proc_input *input) +#else int register_proc_netlink(int *efd, enum proc_cn_mcast_op mcast_op) +#endif { struct sockaddr_nl sa_nl; int err = 0, epoll_fd; @@ -92,7 +113,11 @@ int register_proc_netlink(int *efd, enum proc_cn_mcast_op mcast_op) return -2; } +#ifdef FILTER + err = send_message(input); +#else err = send_message(mcast_op); +#endif if (err < 0) return err; @@ -223,10 +248,19 @@ int main(int argc, char *argv[]) { int epoll_fd, err; struct proc_event proc_ev; +#ifdef FILTER + struct proc_input input; +#endif signal(SIGINT, sigint); +#ifdef FILTER + input.event_type = PROC_EVENT_NONZERO_EXIT; + input.mcast_op = PROC_CN_MCAST_LISTEN; + err = register_proc_netlink(&epoll_fd, &input); +#else err = register_proc_netlink(&epoll_fd, PROC_CN_MCAST_LISTEN); +#endif if (err < 0) { if (err == -2) close(nl_sock); @@ -252,7 +286,12 @@ int main(int argc, char *argv[]) } } +#ifdef FILTER + input.mcast_op = PROC_CN_MCAST_IGNORE; + send_message(&input); +#else send_message(PROC_CN_MCAST_IGNORE); +#endif close(epoll_fd); close(nl_sock);