Comment 18 for bug 1839912

Thadeu Lima de Souza Cascardo (cascardo) wrote :

So, while looking further, I found out that 1aa12bdf1bfb ("bpf: sockmap, add sock close() hook to remove socks") is not even present on our 4.15 kernels. Not sure why the two commits were backported. The tcp,ulp one seems fine to keep.

Even 952fad8e3239 ("bpf: fix sock_map_alloc() error path") is not necessary if we are not setting err right before, which we do with 1aa12bdf1bfb. Other patches do not even apply; they are really dependent on 1aa12bdf1bfb.

1aa12bdf1bfb, on the other hand, would be necessary, because I was able to reproduce a BPF program leak. But that requires the use of sockmap, which is restricted to root userns CAP_NET_ADMIN.

So, we need to pick 1aa12bdf1bfb and all of those fixes, or simply revert 5028027844cf ("bpf: test_maps, only support ESTABLISHED socks").