Commit 6ef6d84c authored by Prashant Bhole's avatar Prashant Bhole Committed by Daniel Borkmann

bpf: sockmap: initialize sg table entries properly

When CONFIG_DEBUG_SG is set, sg->sg_magic is initialized in
sg_init_table() and it is verified in sg api while navigating. We hit
BUG_ON when magic check is failed.

In functions sg_tcp_sendpage and sg_tcp_sendmsg, the struct containing
the scatterlist is already zeroed out. So to avoid extra memset, we
use sg_init_marker() to initialize sg_magic.

Fixed following things:
- In bpf_tcp_sendpage: initialize sg using sg_init_marker
- In bpf_tcp_sendmsg: Replace sg_init_table with sg_init_marker
- In bpf_tcp_push: Replace memset with sg_init_table where consumed
  sg entry needs to be re-initialized.
Signed-off-by: default avatarPrashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
Acked-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parent f3851786
...@@ -341,7 +341,7 @@ static int bpf_tcp_push(struct sock *sk, int apply_bytes, ...@@ -341,7 +341,7 @@ static int bpf_tcp_push(struct sock *sk, int apply_bytes,
md->sg_start++; md->sg_start++;
if (md->sg_start == MAX_SKB_FRAGS) if (md->sg_start == MAX_SKB_FRAGS)
md->sg_start = 0; md->sg_start = 0;
memset(sg, 0, sizeof(*sg)); sg_init_table(sg, 1);
if (md->sg_start == md->sg_end) if (md->sg_start == md->sg_end)
break; break;
...@@ -843,7 +843,7 @@ static int bpf_tcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t size) ...@@ -843,7 +843,7 @@ static int bpf_tcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
} }
sg = md.sg_data; sg = md.sg_data;
sg_init_table(sg, MAX_SKB_FRAGS); sg_init_marker(sg, MAX_SKB_FRAGS);
rcu_read_unlock(); rcu_read_unlock();
lock_sock(sk); lock_sock(sk);
...@@ -950,10 +950,14 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page, ...@@ -950,10 +950,14 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page,
lock_sock(sk); lock_sock(sk);
if (psock->cork_bytes) if (psock->cork_bytes) {
m = psock->cork; m = psock->cork;
else sg = &m->sg_data[m->sg_end];
} else {
m = &md; m = &md;
sg = m->sg_data;
sg_init_marker(sg, MAX_SKB_FRAGS);
}
/* Catch case where ring is full and sendpage is stalled. */ /* Catch case where ring is full and sendpage is stalled. */
if (unlikely(m->sg_end == m->sg_start && if (unlikely(m->sg_end == m->sg_start &&
...@@ -961,7 +965,6 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page, ...@@ -961,7 +965,6 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page,
goto out_err; goto out_err;
psock->sg_size += size; psock->sg_size += size;
sg = &m->sg_data[m->sg_end];
sg_set_page(sg, page, size, offset); sg_set_page(sg, page, size, offset);
get_page(page); get_page(page);
m->sg_copy[m->sg_end] = true; m->sg_copy[m->sg_end] = true;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment