Commit 14d8f748 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 



Daniel Borkmann says:

====================
pull-request: bpf 2020-05-09

The following pull-request contains BPF updates for your *net* tree.

We've added 4 non-merge commits during the last 9 day(s) which contain
a total of 4 files changed, 11 insertions(+), 6 deletions(-).

The main changes are:

1) Fix msg_pop_data() helper incorrectly setting an sge length in some
   cases as well as fixing bpf_tcp_ingress() wrongly accounting bytes
   in sg.size, from John Fastabend.

2) Fix to return an -EFAULT error when copy_to_user() of the value
   fails in map_lookup_and_delete_elem(), from Wei Yongjun.

3) Fix sk_psock refcnt leak in tcp_bpf_recvmsg(), from Xiyu Yang.
====================

Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 6d32a511 81aabbb9

include/linux/skmsg.h

+1 −0
Original line number Diff line number Diff line
@@ -187,6 +187,7 @@ static inline void sk_msg_xfer(struct sk_msg *dst, struct sk_msg *src, 
	dst->sg.data[which] = src->sg.data[which];

	dst->sg.data[which].length  = size;

	dst->sg.size		   += size;

	src->sg.size		   -= size;

	src->sg.data[which].length -= size;

	src->sg.data[which].offset += size;

}

kernel/bpf/syscall.c

+3 −1
Original line number Diff line number Diff line
@@ -1485,8 +1485,10 @@ static int map_lookup_and_delete_elem(union bpf_attr *attr) 
	if (err)

		goto free_value;



	if (copy_to_user(uvalue, value, value_size) != 0)

	if (copy_to_user(uvalue, value, value_size) != 0) {

		err = -EFAULT;

		goto free_value;

	}



	err = 0;

net/core/filter.c

+1 −1
Original line number Diff line number Diff line
@@ -2590,8 +2590,8 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start, 
			}

			pop = 0;

		} else if (pop >= sge->length - a) {

			sge->length = a;

			pop -= (sge->length - a);

			sge->length = a;

		}

	}

net/ipv4/tcp_bpf.c

+6 −4
Original line number Diff line number Diff line
@@ -125,7 +125,6 @@ static int bpf_tcp_ingress(struct sock *sk, struct sk_psock *psock, 


	if (!ret) {

		msg->sg.start = i;

		msg->sg.size -= apply_bytes;

		sk_psock_queue_msg(psock, tmp);

		sk_psock_data_ready(sk, psock);

	} else {
@@ -262,14 +261,17 @@ static int tcp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 
	struct sk_psock *psock;

	int copied, ret;



	if (unlikely(flags & MSG_ERRQUEUE))

		return inet_recv_error(sk, msg, len, addr_len);



	psock = sk_psock_get(sk);

	if (unlikely(!psock))

		return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);

	if (unlikely(flags & MSG_ERRQUEUE))

		return inet_recv_error(sk, msg, len, addr_len);

	if (!skb_queue_empty(&sk->sk_receive_queue) &&

	    sk_psock_queue_empty(psock))

	    sk_psock_queue_empty(psock)) {

		sk_psock_put(sk, psock);

		return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);

	}

	lock_sock(sk);

msg_bytes_ready:

	copied = __tcp_bpf_recvmsg(sk, psock, msg, len, flags);

CRA Git | Maintained and supported by SUSTech CRA and CCSE