| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 Oct 2020 21:45:04 -0700
From: John Fastabend <john.fastabend@...il.com>
To: john.fastabend@...il.com, alexei.starovoitov@...il.com,
daniel@...earbox.net
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org, jakub@...udflare.com,
lmb@...udflare.com
Subject: [bpf-next PATCH 5/6] bpf,
sockmap: Remove skb_orphan and let normal skb_kfree do cleanup
Calling skb_orphan() is unnecessary in the strp rcv handler because the skb
is from a skb_clone() in __strp_recv. So it never has a destructor or a
sk assigned. Plus its confusing to read because it might hint to the reader
that the skb could have an sk assigned which is not true. Even if we did
have an sk assigned it would be cleaner to simply wait for the upcoming
kfree_skb().
Additionally, move the comment about strparser clone up so its closer to
the logic it is describing and add to it so that it is more complete.
Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@...il.com>
---
net/core/skmsg.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 0bc8679e8033..ef68749c9104 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -686,15 +686,16 @@ static int sk_psock_bpf_run(struct sk_psock *psock, struct bpf_prog *prog,
{
int ret;
+ /* strparser clones the skb before handing it to a upper layer,
+ * meaning we have the same data, but sk is NULL. We do want an
+ * sk pointer though when we run the BPF program. So we set it
+ * here and then NULL it to ensure we don't trigger a BUG_ON()
+ * in skb/sk operations later if kfree_skb is called with a
+ * valid skb->sk pointer and no destructor assigned.
+ */
skb->sk = psock->sk;
bpf_compute_data_end_sk_skb(skb);
ret = bpf_prog_run_pin_on_cpu(prog, skb);
- /* strparser clones the skb before handing it to a upper layer,
- * meaning skb_orphan has been called. We NULL sk on the way out
- * to ensure we don't trigger a BUG_ON() in skb/sk operations
- * later and because we are not charging the memory of this skb
- * to any socket yet.
- */
skb->sk = NULL;
return ret;
}
@@ -826,7 +827,6 @@ static void sk_psock_strp_read(struct strparser *strp, struct sk_buff *skb)
}
prog = READ_ONCE(psock->progs.skb_verdict);
if (likely(prog)) {
- skb_orphan(skb);
tcp_skb_bpf_redirect_clear(skb);
ret = sk_psock_bpf_run(psock, prog, skb);
ret = sk_psock_map_verd(ret, tcp_skb_bpf_redirect_fetch(skb));
Powered by blists - more mailing lists