From: Alexei Starovoitov Date: Fri, 21 Aug 2020 22:16:12 +0000 (-0700) Subject: Merge branch 'update-sockmap-from-prog' X-Git-Tag: io_uring-5.10-2020-10-20~32^2~394^2~71 X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=3c4a594bc81a9fd1118c34c0b959aa732f34478e;p=linux-2.6-block.git Merge branch 'update-sockmap-from-prog' Lorenz Bauer says: ==================== We're currently building a control plane for our BPF socket dispatch work. As part of that, we have a need to create a copy of an existing sockhash, to allow us to change the keys. I previously proposed allowing privileged userspace to look up sockets, which doesn't work due to security concerns (see [1]). In follow up discussions during BPF office hours we identified bpf_iter as a possible solution: instead of accessing sockets from user space we can iterate the source sockhash, and insert the values into a new map. Enabling this requires two pieces: the ability to iterate sockmap and sockhash, as well as being able to call map_update_elem from BPF. This patch set implements the latter: it's now possible to update sockmap from BPF context. As a next step, we can implement bpf_iter for sockmap. === I've done some more fixups, and audited the safe contexts more thoroughly. As a result I'm removing CGROUP_SKB, SK_MSG and SK_SKB for now. Changes in v3: - Use CHECK as much as possible (Yonghong) - Reject ARG_PTR_TO_MAP_VALUE_OR_NULL for sockmap (Yonghong) - Remove CGROUP_SKB, SK_MSG, SK_SKB from safe contexts - Test that the verifier rejects update from unsafe context Changes in v2: - Fix warning in patch #2 (Jakub K) - Renamed override_map_arg_type (John) - Only allow updating sockmap from known safe contexts (John) - Use __s64 for sockmap updates from user space (Yonghong) - Various small test fixes around test macros and such (Yonghong) Thank your for your reviews! 1: https://lore.kernel.org/bpf/20200310174711.7490-1-lmb@cloudflare.com/ ==================== Signed-off-by: Alexei Starovoitov --- 3c4a594bc81a9fd1118c34c0b959aa732f34478e