Re: [PATCH v6 bpf 0/4] lwt: fix return values of BPF ops
From: Yan Zhai
Date: Fri Aug 18 2023 - 12:11:34 EST
On Fri, Aug 18, 2023 at 11:08 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
>
> On 8/18/23 6:01 PM, Yan Zhai wrote:
> > On Fri, Aug 18, 2023 at 9:55 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> >>
> >> On 8/18/23 4:58 AM, Yan Zhai wrote:
> >>> lwt xmit hook does not expect positive return values in function
> >>> ip_finish_output2 and ip6_finish_output. However, BPF programs can
> >>> directly return positive statuses such like NET_XMIT_DROP, NET_RX_DROP,
> >>> and etc to the caller. Such return values would make the kernel continue
> >>> processing already freed skbs and eventually panic.
> >>>
> >>> This set fixes the return values from BPF ops to unexpected continue
> >>> processing, checks strictly on the correct continue condition for
> >>> future proof. In addition, add missing selftests for BPF redirect
> >>> and reroute cases for BPF-CI.
> >>>
> >>> v5: https://lore.kernel.org/bpf/cover.1692153515.git.yan@xxxxxxxxxxxxxx/
> >>> v4: https://lore.kernel.org/bpf/ZMD1sFTW8SFiex+x@debian.debian/T/
> >>> v3: https://lore.kernel.org/bpf/cover.1690255889.git.yan@xxxxxxxxxxxxxx/
> >>> v2: https://lore.kernel.org/netdev/ZLdY6JkWRccunvu0@debian.debian/
> >>> v1: https://lore.kernel.org/bpf/ZLbYdpWC8zt9EJtq@debian.debian/
> >>>
> >>> changes since v5:
> >>> * fix BPF-CI failures due to missing config and busybox ping issue
> >>
> >> Series looks good, thanks! Given we're fairly close to merge window and
> >> this has been broken for quite some time, I took this into bpf-next.
> >>
> > Thanks Daniel! Can you also queue this up for stable (or guide how I can do it)?
>
> Given the Fixes tags, it will be picked up automatically once it lands in
> Linus' tree.
>
Wonderful. Thank you!
> Thanks,
> Daniel