bpf: Reject TCP_NODELAY in bpf-tcp-cc - kernel/linux.git

diff options

author	KaFai Wan <kafai.wan@linux.dev>	2026-04-21 18:58:02 +0300
committer	Martin KaFai Lau <martin.lau@kernel.org>	2026-04-22 22:58:57 +0300
commit	54377fcab51f6f1f8807827d3751be42279e1a6a (patch)
tree	9701d312b26056ae6154bb69a97e7399777a9dc7 /include/linux/memory_hotplug.h
parent	846c76ecc02973b05ae909dd4248c11bfa277fc1 (diff)
download	linux-54377fcab51f6f1f8807827d3751be42279e1a6a.tar.xz

bpf: Reject TCP_NODELAY in bpf-tcp-cc

A BPF TCP congestion control program can call bpf_setsockopt() from its callbacks. In current kernels, if it calls bpf_setsockopt(TCP_NODELAY) from cwnd_event_tx_start(), the call can re-enter the TCP transmit path before the outer tcp_transmit_skb() has completed and advanced the send head. This can re-trigger CA_EVENT_TX_START and lead to unbounded recursion: tcp_transmit_skb() -> tcp_event_data_sent() -> tcp_ca_event(sk, CA_EVENT_TX_START) -> cwnd_event_tx_start() -> bpf_setsockopt(TCP_NODELAY) -> tcp_push_pending_frames() -> tcp_write_xmit() -> tcp_transmit_skb() This leads to unbounded recursion and can overflow the kernel stack. Reject TCP_NODELAY with -EOPNOTSUPP for bpf-tcp-cc by introducing a dedicated setsockopt proto for BPF_PROG_TYPE_STRUCT_OPS TCP congestion control programs. To keep it simple, all tcp-cc ops is rejected for TCP_NODELAY. Fixes: 7e41df5dbba2 ("bpf: Add a few optnames to bpf_setsockopt") Suggested-by: Martin KaFai Lau <martin.lau@linux.dev> Signed-off-by: KaFai Wan <kafai.wan@linux.dev> Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Reviewed-by: Jiayuan Chen <jiayuan.chen@linux.dev> Link: https://patch.msgid.link/20260421155804.135786-3-kafai.wan@linux.dev

Diffstat (limited to 'include/linux/memory_hotplug.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: