Commit 157f2915 authored by Breno Leitao's avatar Breno Leitao Committed by Jakub Kicinski

netkit: Assign missing bpf_net_context

During the introduction of struct bpf_net_context handling for
XDP-redirect, the netkit driver has been missed, which also requires it
because NETKIT_REDIRECT invokes skb_do_redirect() which is accessing the
per-CPU variables. Otherwise we see the following crash:

	BUG: kernel NULL pointer dereference, address: 0000000000000038
	bpf_redirect()
	netkit_xmit()
	dev_hard_start_xmit()

Set the bpf_net_context before invoking netkit_xmit() program within the
netkit driver.

Fixes: 401cb7da ("net: Reference bpf_redirect_info via task_struct on PREEMPT_RT.")
Signed-off-by: default avatarBreno Leitao <leitao@debian.org>
Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Reviewed-by: default avatarSebastian Andrzej Siewior <bigeasy@linutronix.de>
Reviewed-by: default avatarToke Høiland-Jørgensen <toke@redhat.com>
Acked-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
Acked-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
Link: https://patch.msgid.link/20240912155620.1334587-1-leitao@debian.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 4144a105
...@@ -65,6 +65,7 @@ static struct netkit *netkit_priv(const struct net_device *dev) ...@@ -65,6 +65,7 @@ static struct netkit *netkit_priv(const struct net_device *dev)
static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev) static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev)
{ {
struct bpf_net_context __bpf_net_ctx, *bpf_net_ctx;
struct netkit *nk = netkit_priv(dev); struct netkit *nk = netkit_priv(dev);
enum netkit_action ret = READ_ONCE(nk->policy); enum netkit_action ret = READ_ONCE(nk->policy);
netdev_tx_t ret_dev = NET_XMIT_SUCCESS; netdev_tx_t ret_dev = NET_XMIT_SUCCESS;
...@@ -72,6 +73,7 @@ static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev) ...@@ -72,6 +73,7 @@ static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev)
struct net_device *peer; struct net_device *peer;
int len = skb->len; int len = skb->len;
bpf_net_ctx = bpf_net_ctx_set(&__bpf_net_ctx);
rcu_read_lock(); rcu_read_lock();
peer = rcu_dereference(nk->peer); peer = rcu_dereference(nk->peer);
if (unlikely(!peer || !(peer->flags & IFF_UP) || if (unlikely(!peer || !(peer->flags & IFF_UP) ||
...@@ -110,6 +112,7 @@ static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev) ...@@ -110,6 +112,7 @@ static netdev_tx_t netkit_xmit(struct sk_buff *skb, struct net_device *dev)
break; break;
} }
rcu_read_unlock(); rcu_read_unlock();
bpf_net_ctx_clear(bpf_net_ctx);
return ret_dev; return ret_dev;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment