bpf: Unshare cloned skb before devmap egress XDP program#12402
Open
kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
Open
bpf: Unshare cloned skb before devmap egress XDP program#12402kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
Conversation
Author
|
Upstream branch: b9452b5 |
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
68b80e2 to
9978c13
Compare
Author
|
Upstream branch: dd0f968 |
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1108462=>bpf-next
branch
from
c18b415 to
3bff632
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
9978c13 to
e25ce50
Compare
Author
|
Upstream branch: f1a660b |
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1108462=>bpf-next
branch
from
3bff632 to
f821f98
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
e25ce50 to
a572b20
Compare
Author
|
Upstream branch: 68f4e48 |
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1108462=>bpf-next
branch
from
f821f98 to
6a96564
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
a572b20 to
3a26044
Compare
Author
|
Upstream branch: c15261b |
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1108462=>bpf-next
branch
from
6a96564 to
ec73b72
Compare
kernel-patches-daemon-bpf
Bot
force-pushed
the
bpf-next_base
branch
from
3a26044 to
818f7b1
Compare
Author
|
Upstream branch: 140fa23 |
dev_map_redirect_clone() uses skb_clone() when redirecting a generic XDP skb to multiple devmap destinations. The cloned skb can share packet data with other clones. If the destination devmap entry has an egress XDP program, that program can modify packet data. Such modifications can then be observed by other clones sharing the same packet data. This can be reproduced by strengthening xdp_veth_egress to configure a different source MAC for each egress device and checking that store_mac_1/2 observe the MAC configured for their own egress devices. Without the fix, the SKB_MODE subtest observes store_mac_1 receiving the MAC configured for the next egress device. Fix this by unsharing the cloned skb before running the devmap egress XDP program. Limit the extra copy to destinations with an attached egress program. Tested with: ./test_progs -t xdp_veth_egress ./test_progs -t xdp_veth ./test_progs -t xdp Fixes: e624d4e ("xdp: Extend xdp_redirect_map with broadcast support") Signed-off-by: Sun Jian <sun.jian.kdev@gmail.com>
kernel-patches-daemon-bpf
Bot
force-pushed
the
series/1108462=>bpf-next
branch
from
ec73b72 to
ef2e63a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: Unshare cloned skb before devmap egress XDP program
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1108462