summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorJohn Fastabend <john.fastabend@gmail.com>2017-10-27 18:45:34 +0200
committerDavid S. Miller <davem@davemloft.net>2017-10-29 03:18:48 +0100
commit8108a77515126f6db4374e8593956e20430307c0 (patch)
tree0c6e1ae0c05ad353f1fa675edcdaad6cf9b333b3 /include/net
parenttap: reference to KVA of an unloaded module causes kernel panic (diff)
downloadlinux-8108a77515126f6db4374e8593956e20430307c0.tar.xz
linux-8108a77515126f6db4374e8593956e20430307c0.zip
bpf: bpf_compute_data uses incorrect cb structure
SK_SKB program types use bpf_compute_data to store the end of the packet data. However, bpf_compute_data assumes the cb is stored in the qdisc layer format. But, for SK_SKB this is the wrong layer of the stack for this type. It happens to work (sort of!) because in most cases nothing happens to be overwritten today. This is very fragile and error prone. Fortunately, we have another hole in tcp_skb_cb we can use so lets put the data_end value there. Note, SK_SKB program types do not use data_meta, they are failed by sk_skb_is_valid_access(). Signed-off-by: John Fastabend <john.fastabend@gmail.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/tcp.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h
index b1ef98ebce53..33599d17522d 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -844,6 +844,7 @@ struct tcp_skb_cb {
__u32 key;
__u32 flags;
struct bpf_map *map;
+ void *data_end;
} bpf;
};
};