diff options
| author | John Fastabend <john.fastabend@gmail.com> | 2018-07-05 08:49:59 -0700 |
|---|---|---|
| committer | Alexei Starovoitov <ast@kernel.org> | 2018-07-07 15:19:29 -0700 |
| commit | 0c6bc6e531a6db36f49622f1f115770160f7afb0 (patch) | |
| tree | 77b565cda20fbeeec014f9d7c63b48d1b9c14505 /net/ife | |
| parent | 631da8534aeea2e2f8b36a832d065a203f24fa43 (diff) | |
bpf: fix sk_skb programs without skb->dev assigned
Multiple BPF helpers in use by sk_skb programs calculate the max
skb length using the __bpf_skb_max_len function. However, this
calculates the max length using the skb->dev pointer which can be
NULL when an sk_skb program is paired with an sk_msg program.
To force this a sk_msg program needs to redirect into the ingress
path of a sock with an attach sk_skb program. Then the the sk_skb
program would need to call one of the helpers that adjust the skb
size.
To fix the null ptr dereference use SKB_MAX_ALLOC size if no dev
is available.
Fixes: 8934ce2fd081 ("bpf: sockmap redirect ingress support")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'net/ife')
0 files changed, 0 insertions, 0 deletions