Re: [PATCH bpf 1/2] bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err

[Song Liu <songliubraving@fb.com>]

> On May 31, 2019, at 3:29 PM, Martin KaFai Lau <kafai@fb.com> wrote:
> 
> __udp6_lib_err() may be called when handling icmpv6 message. For example,
> the icmpv6 toobig(type=2).  __udp6_lib_lookup() is then called
> which may call reuseport_select_sock().  reuseport_select_sock() will
> call into a bpf_prog (if there is one).
> 
> reuseport_select_sock() is expecting the skb->data pointing to the
> transport header (udphdr in this case).  For example, run_bpf_filter()
> is pulling the transport header.
> 
> However, in the __udp6_lib_err() path, the skb->data is pointing to the
> ipv6hdr instead of the udphdr.
> 
> One option is to pull and push the ipv6hdr in __udp6_lib_err().
> Instead of doing this, this patch follows how the original
> commit 538950a1b752 ("soreuseport: setsockopt SO_ATTACH_REUSEPORT_[CE]BPF")
> was done in IPv4, which has passed a NULL skb pointer to
> reuseport_select_sock().
> 
> Fixes: 538950a1b752 ("soreuseport: setsockopt SO_ATTACH_REUSEPORT_[CE]BPF")
> Cc: Craig Gallek <kraig@google.com>
> Signed-off-by: Martin KaFai Lau <kafai@fb.com>

Acked-by: Song Liu <songliubraving@fb.com>

> ---
> net/ipv6/udp.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index 07fa579dfb96..133e6370f89c 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -515,7 +515,7 @@ int __udp6_lib_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
> 	struct net *net = dev_net(skb->dev);
> 
> 	sk = __udp6_lib_lookup(net, daddr, uh->dest, saddr, uh->source,
> -			       inet6_iif(skb), inet6_sdif(skb), udptable, skb);
> +			       inet6_iif(skb), inet6_sdif(skb), udptable, NULL);
> 	if (!sk) {
> 		/* No socket for error: try tunnels before discarding */
> 		sk = ERR_PTR(-ENOENT);
> -- 
> 2.17.1
>