From: YiFei Zhu <zhuyifei1999@gmail.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Stanislav Fomichev <sdf@google.com>,
YiFei Zhu <zhuyifei@google.com>
Subject: [PATCH bpf 0/2] Fix bpf_skb_load_bytes_relative for cgroup_skb/egress
Date: Thu, 4 Jun 2020 19:07:37 -0500 [thread overview]
Message-ID: <cover.1591315176.git.zhuyifei@google.com> (raw)
When cgroup_skb/egress triggers the MAC header is not set. On the other hand,
load_bytes_relative unconditionally calls skb_mac_header which, when MC not
set, returns a pointer after the tail pointer, breaking the logic even if the
caller requested the NET header.
Fix is to conditionally use skb_mac_header or skb_network_header depending on
the requested header, -EFAULT when the header is not set. Added a test that
asserts during cgroup_skb/egress request for MAC header returns -EFAULT and
request for NET header succeeds.
YiFei Zhu (2):
net/filter: Permit reading NET in load_bytes_relative when MAC not set
selftests/bpf: Add cgroup_skb/egress test for load_bytes_relative
net/core/filter.c | 16 +++--
.../bpf/prog_tests/load_bytes_relative.c | 71 +++++++++++++++++++
.../selftests/bpf/progs/load_bytes_relative.c | 44 ++++++++++++
3 files changed, 124 insertions(+), 7 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/load_bytes_relative.c
create mode 100644 tools/testing/selftests/bpf/progs/load_bytes_relative.c
--
2.27.0
next reply other threads:[~2020-06-05 0:08 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-05 0:07 YiFei Zhu [this message]
2020-06-05 0:07 ` [PATCH bpf 1/2] net/filter: Permit reading NET in load_bytes_relative when MAC not set YiFei Zhu
2020-06-08 13:56 ` Daniel Borkmann
2020-06-08 15:54 ` YiFei Zhu
2020-06-05 0:07 ` [PATCH bpf 2/2] selftests/bpf: Add cgroup_skb/egress test for load_bytes_relative YiFei Zhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1591315176.git.zhuyifei@google.com \
--to=zhuyifei1999@gmail.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=sdf@google.com \
--cc=zhuyifei@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.