From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: Marcus Wichelmann <marcus.wichelmann@hetzner-cloud.de>,
bpf@vger.kernel.org
Cc: Stanislav Fomichev <sdf@google.com>
Subject: Re: RX metadata kfuncs cause kernel panic with XDP generic mode
Date: Thu, 23 Jan 2025 17:38:14 +0100 [thread overview]
Message-ID: <87msfhqydl.fsf@toke.dk> (raw)
In-Reply-To: <dae862ec-43b5-41a0-8edf-46c59071cdda@hetzner-cloud.de>
Marcus Wichelmann <marcus.wichelmann@hetzner-cloud.de> writes:
> There is probably a check missing somewhere that prevents the use of
> these kfuncs in the scope of do_xdp_generic?
Heh, yeah, we should definitely block device-bound programs from being
attached in generic mode. Something like the below, I guess. Care to
test that out?
-Toke
diff --git a/net/core/dev.c b/net/core/dev.c
index afa2282f2604..c1fa68264989 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -9924,6 +9924,10 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
NL_SET_ERR_MSG(extack, "Program bound to different device");
return -EINVAL;
}
+ if (bpf_prog_is_dev_bound(new_prog->aux) && mode == XDP_MODE_SKB) {
+ NL_SET_ERR_MSG(extack, "Can't attach device-bound programs in generic mode");
+ return -EINVAL;
+ }
if (new_prog->expected_attach_type == BPF_XDP_DEVMAP) {
NL_SET_ERR_MSG(extack, "BPF_XDP_DEVMAP programs can not be attached to a device");
return -EINVAL;
next prev parent reply other threads:[~2025-01-23 16:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-23 16:02 RX metadata kfuncs cause kernel panic with XDP generic mode Marcus Wichelmann
2025-01-23 16:38 ` Toke Høiland-Jørgensen [this message]
2025-01-23 17:59 ` Marcus Wichelmann
2025-01-23 19:51 ` Stanislav Fomichev
2025-01-23 20:21 ` Marcus Wichelmann
2025-01-23 19:13 ` Stanislav Fomichev
2025-01-23 19:34 ` Toke Høiland-Jørgensen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87msfhqydl.fsf@toke.dk \
--to=toke@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=marcus.wichelmann@hetzner-cloud.de \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.