android_kernel_asus_sm8350/Documentation/networking
Ilya Maximets ab0085bd79 xsk: Honor SO_BINDTODEVICE on bind
[ Upstream commit f7306acec9aae9893d15e745c8791124d42ab10a ]

Initial creation of an AF_XDP socket requires the CAP_NET_RAW capability. A
privileged process might create the socket and pass it to a non-privileged
process for later use. However, that process will be able to bind the socket
to any network interface. Even though it will not be able to receive any
traffic without modification of the BPF map, the situation is not ideal.

Sockets already have a mechanism that can be used to restrict what interface
they can be attached to. That is SO_BINDTODEVICE.

To change the SO_BINDTODEVICE binding the process will need CAP_NET_RAW.

Make xsk_bind() honor the SO_BINDTODEVICE in order to allow a safer workflow
when a non-privileged process is using AF_XDP.

The intended workflow is the following:

  1. First process creates a bare socket with socket(AF_XDP, ...).
  2. First process loads the XSK program to the interface.
  3. First process adds the socket fd to a BPF map.
  4. First process ties socket fd to a particular interface using
     SO_BINDTODEVICE.
  5. First process sends socket fd to a second process.
  6. Second process allocates UMEM.
  7. Second process binds socket to the interface with bind(...).
  8. Second process sends/receives the traffic.

All the steps above are possible today if the first process is privileged
and the second one has sufficient RLIMIT_MEMLOCK and no capabilities.
However, the second process will be able to bind the socket to any interface
it wants on step 7 and send traffic from it. With the proposed change, the
second process will be able to bind the socket only to a specific interface
chosen by the first process at step 4.

Fixes: 965a990984 ("xsk: add support for bind for Rx")
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Magnus Karlsson <magnus.karlsson@intel.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Link: https://lore.kernel.org/bpf/20230703175329.3259672-1-i.maximets@ovn.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-07-27 08:37:23 +02:00
caif docs: net: convert two README files to ReST format 2019-07-31 13:31:56 -06:00
device_drivers Documentation: networking: device drivers: Remove stray asterisks 2019-11-01 13:20:43 -07:00
dsa docs: net: dsa: sja1105: Add info about the Time-Aware Scheduler 2019-09-16 21:32:58 +02:00
mac80211_hwsim docs: net: convert two README files to ReST format 2019-07-31 13:31:56 -06:00
6lowpan.txt
6pack.txt
af_xdp.rst xsk: Honor SO_BINDTODEVICE on bind 2023-07-27 08:37:23 +02:00
alias.rst
altera_tse.txt
arcnet-hardware.txt
arcnet.txt
atm.txt
ax25.txt
batman-adv.rst batman-adv: Drop documentation about sysfs files 2019-03-25 09:31:35 +01:00
baycom.txt
bonding.txt bonding: fix ad_actor_system option setting to default 2021-12-29 12:23:35 +01:00
bridge.rst
can_ucan_protocol.rst
can.rst
cdc_mbim.txt
checksum-offloads.rst doc: networking: shorten the main title in offloads documents 2019-01-07 15:27:51 -07:00
cops.txt
cxacru-cf.py
cxacru.txt
dccp.txt
dctcp.txt
defza.txt FDDI: defza: Add support for DEC FDDIcontroller 700 TURBOchannel adapter 2018-10-15 21:46:06 -07:00
devlink-health.txt devlink: Add Documentation/networking/devlink-health.txt 2019-02-07 10:34:29 -08:00
devlink-info-versions.rst devlink: Add new info version tags for ASIC and FW 2019-09-05 09:24:43 +02:00
devlink-params-bnxt.txt
devlink-params-mlxsw.txt mlxsw: spectrum: add "acl_region_rehash_interval" devlink param 2019-02-08 15:02:50 -08:00
devlink-params-nfp.txt nfp: devlink: add 'reset_dev_on_drv_probe' support 2019-09-10 17:29:27 +01:00
devlink-params.txt devlink: add 'reset_dev_on_drv_probe' param 2019-09-10 17:29:26 +01:00
devlink-trap-netdevsim.rst Documentation: Add description of netdevsim traps 2019-08-17 12:40:09 -07:00
devlink-trap.rst Documentation: Clarify trap's description 2019-09-27 20:33:19 +02:00
dns_resolver.txt
driver.txt
eql.txt
failover.rst
fib_trie.txt
filter.txt docs/bpf: minor casing/punctuation fixes 2019-03-02 00:40:04 +01:00
fore200e.txt
framerelay.txt
gen_stats.txt
generic_netlink.txt
generic-hdlc.txt
gtp.txt
hinic.txt
ieee802154.rst doc: net: ieee802154: introduce IEEE 802.15.4 subsystem doc in rst style 2019-03-01 17:03:00 -08:00
ila.txt
index.rst Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2019-09-18 12:34:53 -07:00
ip_dynaddr.txt
ip-sysctl.txt Documentation: fix sctp_wmem in ip-sysctl.rst 2022-08-03 11:59:40 +02:00
ipddp.txt
iphase.txt
ipsec.txt
ipv6.txt
ipvlan.txt
ipvs-sysctl.txt netfilter: ipvs: Fix reuse connection if RS weight is 0 2021-12-01 09:23:31 +01:00
j1939.rst can: j1939: swap addr and pgn in the send example 2020-11-18 19:20:19 +01:00
kapi.rst
kcm.txt
l2tp.txt
lapb-module.txt
ltpc.txt
mac80211-auth-assoc-deauth.txt
mac80211-injection.txt
mpls-sysctl.txt Documentation/networking: fix default_ttl typo in mpls-sysctl 2019-07-01 10:41:33 -07:00
msg_zerocopy.rst doc: fix link to MSG_ZEROCOPY patchset 2019-03-18 09:50:21 -07:00
multiqueue.txt
net_dim.txt net: update net_dim documentation after rename 2019-10-10 16:37:10 -07:00
net_failover.rst
netconsole.txt
netdev-FAQ.rst Documentation: fix netdev-FAQ.rst markup warning 2019-05-01 09:12:51 -04:00
netdev-features.txt docs-networking: fix typo in define 2018-11-21 10:30:30 -08:00
netdevices.txt
netfilter-sysctl.txt
netif-msg.txt
nf_conntrack-sysctl.txt netfilter: conntrack: register sysctl table for gre 2018-12-21 00:51:25 +01:00
nf_flowtable.txt netfilter: nf_flowtable: fix documentation 2020-03-05 16:43:51 +01:00
nfc.txt
openvswitch.txt
operstates.txt Documentation: bring operstate documentation up-to-date 2019-02-11 12:38:51 -08:00
packet_mmap.txt
phonet.txt
phy.rst doc: phy: document some PHY_INTERFACE_MODE_xxx settings 2019-06-23 11:35:06 -07:00
pktgen.txt
PLIP.txt
ppp_generic.txt
proc_net_tcp.txt
radiotap-headers.txt
ray_cs.txt
rds.txt linux-next: DOC: RDS: Fix a typo in rds.txt 2019-06-12 09:56:29 -07:00
regulatory.txt
rxrpc.txt rxrpc: Allow the kernel to mark a call as being non-interruptible 2019-05-16 16:25:20 +01:00
scaling.rst doc: networking: integrate scaling document into doc tree 2019-01-20 19:10:49 -07:00
sctp.txt
secid.txt
seg6-sysctl.txt
segmentation-offloads.rst networking: : fix typos in code comments 2019-05-20 20:24:34 -04:00
sfp-phylink.rst net: phylink: clarify where phylink should be used 2019-09-16 16:53:44 +02:00
skfp.txt
snmp_counter.rst networking: fix snmp_counter.rst Doc. Warnings 2019-03-17 19:37:08 -07:00
strparser.txt
switchdev.txt switchdev: Remove unused transaction item queue 2019-03-01 21:35:19 -08:00
tc-actions-env-rules.txt
tcp-thin.txt
team.txt
timestamping.txt docs: ptp.txt: convert to ReST and move to driver-api 2019-06-14 14:31:27 -06:00
tls-offload-layers.svg Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tls-offload-reorder-bad.svg Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tls-offload-reorder-good.svg Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tls-offload.rst Documentation: TLS: Add missing counter description 2019-11-05 18:34:06 -08:00
tls.rst Documentation: add TLS offload documentation 2019-05-22 12:18:20 -07:00
tproxy.txt
tuntap.txt net: docs: replace IPX in tuntap documentation 2019-08-08 18:06:53 -07:00
udplite.txt
vrf.txt net: provide a sysctl raw_l3mdev_accept for raw socket lookup with VRFs 2018-11-07 16:12:38 -08:00
vxlan.txt
x25-iface.txt
x25.txt
xfrm_device.txt net: switch secpath to use skb extension infrastructure 2018-12-19 11:21:38 -08:00
xfrm_proc.txt
xfrm_sync.txt
xfrm_sysctl.txt
z8530book.rst
z8530drv.txt