Skip to content

Commit becc0ba

Browse files
jsitnickiKernel Patches Daemon
jsitnicki
authored and
Kernel Patches Daemon
committed
bpf: Make bpf_skb_adjust_room metadata-safe
bpf_skb_adjust_room() may push or pull bytes from skb->data. In both cases, skb metadata must be moved accordingly to stay accessible. Replace existing memmove() calls, which only move payload, with a helper that also handles metadata. Reserve enough space for metadata to fit after skb_push. Signed-off-by: Jakub Sitnicki <[email protected]>
1 parent ecf7383 commit becc0ba

File tree

1 file changed

+5
-4
lines changed

1 file changed

+5
-4
lines changed

net/core/filter.c

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3260,11 +3260,11 @@ static void bpf_skb_change_protocol(struct sk_buff *skb, u16 proto)
32603260

32613261
static int bpf_skb_generic_push(struct sk_buff *skb, u32 off, u32 len)
32623262
{
3263-
/* Caller already did skb_cow() with len as headroom,
3263+
/* Caller already did skb_cow() with meta_len+len as headroom,
32643264
* so no need to do it here.
32653265
*/
32663266
skb_push(skb, len);
3267-
memmove(skb->data, skb->data + len, off);
3267+
skb_postpush_data_move(skb, len, off);
32683268
memset(skb->data + off, 0, len);
32693269

32703270
/* No skb_postpush_rcsum(skb, skb->data + off, len)
@@ -3288,7 +3288,7 @@ static int bpf_skb_generic_pop(struct sk_buff *skb, u32 off, u32 len)
32883288
old_data = skb->data;
32893289
__skb_pull(skb, len);
32903290
skb_postpull_rcsum(skb, old_data + off, len);
3291-
memmove(skb->data, old_data, off);
3291+
skb_postpull_data_move(skb, len, off);
32923292

32933293
return 0;
32943294
}
@@ -3496,6 +3496,7 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
34963496
u8 inner_mac_len = flags >> BPF_ADJ_ROOM_ENCAP_L2_SHIFT;
34973497
bool encap = flags & BPF_F_ADJ_ROOM_ENCAP_L3_MASK;
34983498
u16 mac_len = 0, inner_net = 0, inner_trans = 0;
3499+
const u8 meta_len = skb_metadata_len(skb);
34993500
unsigned int gso_type = SKB_GSO_DODGY;
35003501
int ret;
35013502

@@ -3506,7 +3507,7 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
35063507
return -ENOTSUPP;
35073508
}
35083509

3509-
ret = skb_cow_head(skb, len_diff);
3510+
ret = skb_cow_head(skb, meta_len + len_diff);
35103511
if (unlikely(ret < 0))
35113512
return ret;
35123513

0 commit comments

Comments
 (0)