bpf: Run generic devmap egress prog on private skb #8032
Open
kernel-patches-daemon-bpf-rc[bot] wants to merge 1 commit into
Upstream branch: e7ae89a
Generic XDP devmap multi redirect uses skb_clone() for the intermediate destinations and sends the last destination with the original skb. This can leave multiple destinations sharing the same packet data.

This becomes visible when a devmap egress program mutates packet data. One destination can observe changes made for another destination.

The last-destination path has the same problem: the last destination runs on the original skb, so its egress program can modify packet data still shared with earlier cloned skbs.

Native XDP broadcast redirect does not have this issue because xdpf_clone() copies the frame data for each destination. Generic XDP should provide the same per-destination isolation before running a devmap egress program.

Fix this by making cloned skbs private in dev_map_generic_redirect() before running the devmap egress program. Use skb_copy() instead of skb_unshare() so that allocation failure does not consume the skb and the existing caller error paths keep their ownership semantics.

Add a selftest that covers the last-destination case where earlier destinations do not have a devmap egress program, while the final destination does.

Tested with:
  ./test_progs -t xdp_veth_egress
  ./test_progs -t xdp_veth
  ./test_progs -t xdp

Fixes: e624d4e ("xdp: Extend xdp_redirect_map with broadcast support")
Suggested-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Signed-off-by: Sun Jian <sun.jian.kdev@gmail.com>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
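A userspace model of the sharing problem described in the commit message above, added here as an illustration; it is not part of the patch or of the kernel tree. `struct buf`, `buf_clone()`, `buf_put()` and `broadcast()` are hypothetical stand-ins for skb packet data, `skb_clone()`, skb release and the generic devmap broadcast path, and each destination is assumed to read its packet only after every egress program has run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, not kernel code: struct buf stands in for skb packet data. */
struct buf { int refs; unsigned char data[16]; };
static struct buf *buf_new(const unsigned char *src)   /* private data, refs = 1 */
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b) { b->refs = 1; memcpy(b->data, src, sizeof(b->data)); }
    return b;
}
static struct buf *buf_clone(struct buf *b) { b->refs++; return b; }  /* like skb_clone() */
static void buf_put(struct buf *b) { if (b && --b->refs == 0) free(b); }

/* Broadcast a packet whose byte 0 is 'O' to n <= 8 destinations. Destination i with
 * has_prog[i] set writes 'a' + i to byte 0; seen[i] is what it ends up holding. */
static int broadcast(int n, const int *has_prog, int make_private, unsigned char *seen)
{
    static const unsigned char init[16] = { 'O' };
    struct buf *q[8] = { 0 }, *orig = buf_new(init);
    int i, rc = (orig && n >= 1 && n <= 8) ? 0 : -1;
    for (i = 0; rc == 0 && i < n; i++) {
        /* Intermediate destinations get a clone, the last one the original. */
        struct buf *p = (i == n - 1) ? orig : buf_clone(orig);
        if (i == n - 1) orig = NULL;            /* ownership moved to destination */
        if (has_prog[i] && make_private && p->refs > 1) {
            struct buf *c = buf_new(p->data);   /* like skb_copy(): private data */
            buf_put(p);
            p = c;
        }
        if (!p) { rc = -1; break; }
        if (has_prog[i]) p->data[0] = (unsigned char)('a' + i);  /* egress prog */
        q[i] = p;
    }
    for (i = 0; i < 8; i++)          /* read only after every program has run */
        if (q[i]) { seen[i] = q[i]->data[0]; buf_put(q[i]); }
    buf_put(orig);
    return rc;
}

int main(void)
{
    const int last_only[3] = { 0, 0, 1 };   /* constructed: only the last has a prog */
    unsigned char s[3] = { 0 };
    for (int fix = 0; fix <= 1 && broadcast(3, last_only, fix, s) == 0; fix++)
        printf("private=%d: %c %c %c\n", fix, s[0], s[1], s[2]);
    return 0;
}
```

With `make_private` set to 0 the write made for the last destination shows up in the packets held by the two earlier destinations; with it set to 1 each destination keeps its own bytes.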
2d5ba2b to 9504f14
Pull request for series with
subject: bpf: Run generic devmap egress prog on private skb
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1109185