git.baikalelectronics.ru Git - kernel.git/commit

author	John Fastabend <john.fastabend@gmail.com>
	Wed, 3 Nov 2021 20:47:32 +0000 (13:47 -0700)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Mon, 8 Nov 2021 23:56:35 +0000 (00:56 +0100)
commit	d040165ed47ef83d1bbdfe4c14d27ecfd32fdcf5
tree	8e913e6d58d17d6ec21021ac48a05e5b636f615c	tree \| snapshot
parent	cb5f50a4e319f056eeb7e7362dcc7da6e62f731b	commit \| diff

bpf, sockmap: Use stricter sk state checks in sk_lookup_assign

In order to fix an issue with sockets in TCP sockmap redirect cases we plan
to allow CLOSE state sockets to exist in the sockmap. However, the check in
bpf_sk_lookup_assign() currently only invalidates sockets in the
TCP_ESTABLISHED case relying on the checks on sockmap insert to ensure we
never SOCK_CLOSE state sockets in the map.

To prepare for this change we flip the logic in bpf_sk_lookup_assign() to
explicitly test for the accepted cases. Namely, a tcp socket in TCP_LISTEN
or a udp socket in TCP_CLOSE state. This also makes the code more resilent
to future changes.

Suggested-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/bpf/20211103204736.248403-2-john.fastabend@gmail.com

include/linux/skmsg.h		diff \| blob \| history
net/core/filter.c		diff \| blob \| history
net/core/sock_map.c		diff \| blob \| history