Commit 2d48c5f9 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller

bpf: use skb_to_full_sk helper in bpf_skb_under_cgroup

We need to use skb_to_full_sk() helper introduced in commit bd5eb35f
("xfrm: take care of request sockets") as otherwise we miss tcp synack
messages, since ownership is on request socket and therefore it would
miss the sk_fullsock() check. Use skb_to_full_sk() as also done similarly
in the bpf_get_cgroup_classid() helper via 2309236c ("cls_cgroup:
get sk_classid only from full sockets") fix to not let this fall through.

Fixes: 4a482f34 ("cgroup: bpf: Add bpf_skb_in_cgroup_proto")
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c14fec39
...@@ -2408,7 +2408,7 @@ BPF_CALL_3(bpf_skb_under_cgroup, struct sk_buff *, skb, struct bpf_map *, map, ...@@ -2408,7 +2408,7 @@ BPF_CALL_3(bpf_skb_under_cgroup, struct sk_buff *, skb, struct bpf_map *, map,
struct cgroup *cgrp; struct cgroup *cgrp;
struct sock *sk; struct sock *sk;
sk = skb->sk; sk = skb_to_full_sk(skb);
if (!sk || !sk_fullsock(sk)) if (!sk || !sk_fullsock(sk))
return -ENOENT; return -ENOENT;
if (unlikely(idx >= array->map.max_entries)) if (unlikely(idx >= array->map.max_entries))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment