Commit 14d8f748 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Daniel Borkmann says:

====================
pull-request: bpf 2020-05-09

The following pull-request contains BPF updates for your *net* tree.

We've added 4 non-merge commits during the last 9 day(s) which contain
a total of 4 files changed, 11 insertions(+), 6 deletions(-).

The main changes are:

1) Fix msg_pop_data() helper incorrectly setting an sge length in some
   cases as well as fixing bpf_tcp_ingress() wrongly accounting bytes
   in sg.size, from John Fastabend.

2) Fix to return an -EFAULT error when copy_to_user() of the value
   fails in map_lookup_and_delete_elem(), from Wei Yongjun.

3) Fix sk_psock refcnt leak in tcp_bpf_recvmsg(), from Xiyu Yang.
====================
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 6d32a511 81aabbb9
...@@ -187,6 +187,7 @@ static inline void sk_msg_xfer(struct sk_msg *dst, struct sk_msg *src, ...@@ -187,6 +187,7 @@ static inline void sk_msg_xfer(struct sk_msg *dst, struct sk_msg *src,
dst->sg.data[which] = src->sg.data[which]; dst->sg.data[which] = src->sg.data[which];
dst->sg.data[which].length = size; dst->sg.data[which].length = size;
dst->sg.size += size; dst->sg.size += size;
src->sg.size -= size;
src->sg.data[which].length -= size; src->sg.data[which].length -= size;
src->sg.data[which].offset += size; src->sg.data[which].offset += size;
} }
......
...@@ -1485,8 +1485,10 @@ static int map_lookup_and_delete_elem(union bpf_attr *attr) ...@@ -1485,8 +1485,10 @@ static int map_lookup_and_delete_elem(union bpf_attr *attr)
if (err) if (err)
goto free_value; goto free_value;
if (copy_to_user(uvalue, value, value_size) != 0) if (copy_to_user(uvalue, value, value_size) != 0) {
err = -EFAULT;
goto free_value; goto free_value;
}
err = 0; err = 0;
......
...@@ -2590,8 +2590,8 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start, ...@@ -2590,8 +2590,8 @@ BPF_CALL_4(bpf_msg_pop_data, struct sk_msg *, msg, u32, start,
} }
pop = 0; pop = 0;
} else if (pop >= sge->length - a) { } else if (pop >= sge->length - a) {
sge->length = a;
pop -= (sge->length - a); pop -= (sge->length - a);
sge->length = a;
} }
} }
......
...@@ -125,7 +125,6 @@ static int bpf_tcp_ingress(struct sock *sk, struct sk_psock *psock, ...@@ -125,7 +125,6 @@ static int bpf_tcp_ingress(struct sock *sk, struct sk_psock *psock,
if (!ret) { if (!ret) {
msg->sg.start = i; msg->sg.start = i;
msg->sg.size -= apply_bytes;
sk_psock_queue_msg(psock, tmp); sk_psock_queue_msg(psock, tmp);
sk_psock_data_ready(sk, psock); sk_psock_data_ready(sk, psock);
} else { } else {
...@@ -262,14 +261,17 @@ static int tcp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, ...@@ -262,14 +261,17 @@ static int tcp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
struct sk_psock *psock; struct sk_psock *psock;
int copied, ret; int copied, ret;
if (unlikely(flags & MSG_ERRQUEUE))
return inet_recv_error(sk, msg, len, addr_len);
psock = sk_psock_get(sk); psock = sk_psock_get(sk);
if (unlikely(!psock)) if (unlikely(!psock))
return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len); return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);
if (unlikely(flags & MSG_ERRQUEUE))
return inet_recv_error(sk, msg, len, addr_len);
if (!skb_queue_empty(&sk->sk_receive_queue) && if (!skb_queue_empty(&sk->sk_receive_queue) &&
sk_psock_queue_empty(psock)) sk_psock_queue_empty(psock)) {
sk_psock_put(sk, psock);
return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len); return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);
}
lock_sock(sk); lock_sock(sk);
msg_bytes_ready: msg_bytes_ready:
copied = __tcp_bpf_recvmsg(sk, psock, msg, len, flags); copied = __tcp_bpf_recvmsg(sk, psock, msg, len, flags);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment