diff options
| author | Martin KaFai Lau <kafai@fb.com> | 2019-06-01 01:29:11 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-07-03 14:13:43 +0300 |
| commit | bb3fb093b41f10315e93ca2974164243958a6f51 (patch) | |
| tree | 2fa91b1292b0b860b769c8bfd5d3c30b168fb3cc /lib/test_overflow.c | |
| parent | da6dab6373b223a3f05df6b2236a3ffa81ed7cb8 (diff) | |
| download | linux-bb3fb093b41f10315e93ca2974164243958a6f51.tar.xz | |
bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
commit 4ac30c4b3659efac031818c418beb51e630d512d upstream.
__udp6_lib_err() may be called when handling icmpv6 message. For example,
the icmpv6 toobig(type=2). __udp6_lib_lookup() is then called
which may call reuseport_select_sock(). reuseport_select_sock() will
call into a bpf_prog (if there is one).
reuseport_select_sock() is expecting the skb->data pointing to the
transport header (udphdr in this case). For example, run_bpf_filter()
is pulling the transport header.
However, in the __udp6_lib_err() path, the skb->data is pointing to the
ipv6hdr instead of the udphdr.
One option is to pull and push the ipv6hdr in __udp6_lib_err().
Instead of doing this, this patch follows how the original
commit 538950a1b752 ("soreuseport: setsockopt SO_ATTACH_REUSEPORT_[CE]BPF")
was done in IPv4, which has passed a NULL skb pointer to
reuseport_select_sock().
Fixes: 538950a1b752 ("soreuseport: setsockopt SO_ATTACH_REUSEPORT_[CE]BPF")
Cc: Craig Gallek <kraig@google.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Song Liu <songliubraving@fb.com>
Acked-by: Craig Gallek <kraig@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'lib/test_overflow.c')
0 files changed, 0 insertions, 0 deletions