linux/net
Jesper Dangaard Brouer 88f8f40c90 bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
[ Upstream commit 2c0a10af688c02adcf127aad29e923e0056c6b69 ]

BPF end-user on Cilium slack-channel (Carlo Carraro) wants to use
bpf_fib_lookup for doing MTU-check, but *prior* to extending packet size,
by adjusting fib_params 'tot_len' with the packet length plus the expected
encap size. (Just like the bpf_check_mtu helper supports). He discovered
that for SKB ctx the param->tot_len was not used, instead skb->len was used
(via MTU check in is_skb_forwardable() that checks against netdev MTU).

Fix this by using fib_params 'tot_len' for MTU check. If not provided (e.g.
zero) then keep existing TC behaviour intact. Notice that 'tot_len' for MTU
check is done like XDP code-path, which checks against FIB-dst MTU.

V16:
- Revert V13 optimization, 2nd lookup is against egress/resulting netdev

V13:
- Only do ifindex lookup one time, calling dev_get_by_index_rcu().

V10:
- Use same method as XDP for 'tot_len' MTU check

Fixes: 4c79579b44 ("bpf: Change bpf_fib_lookup to return lookup status")
Reported-by: Carlo Carraro <colrack@gmail.com>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/161287789444.790810.15247494756551413508.stgit@firesoul
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-03-04 10:26:17 +01:00
..
6lowpan
9p net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid 2020-11-05 11:43:20 +01:00
802
8021q net: vlan: avoid leaks on register_vlan_dev() failures 2021-01-17 14:05:31 +01:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-11 15:33:40 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:17:58 +02:00
ax25 AX.25: Prevent integer overflows in connect and sendmsg 2020-07-31 18:39:31 +02:00
batman-adv batman-adv: set .owner to THIS_MODULE 2020-12-02 08:49:50 +01:00
bluetooth Bluetooth: Put HCI device if inquiry procedure interrupts 2021-03-04 10:26:14 +01:00
bpf
bpfilter
bridge net: bridge: Fix a warning when del bridge sysfs 2021-02-23 15:02:25 +01:00
caif
can can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check 2020-12-11 13:23:32 +01:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:43:34 +01:00
core bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx 2021-03-04 10:26:17 +01:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:57:59 +01:00
dccp dccp: Fix possible memleak in dccp_init and dccp_fini 2020-06-17 16:40:32 +02:00
decnet
dns_resolver
dsa net: dsa: call teardown method on probe failure 2021-02-17 10:35:19 +01:00
ethernet
hsr
ieee802154
ife
ipv4 net: ip_tunnel: fix mtu calculation 2021-02-10 09:25:32 +01:00
ipv6 IPv6: reply ICMP error if the first fragment don't include all headers 2021-02-03 23:25:55 +01:00
iucv net/af_iucv: set correct sk_protocol for child sockets 2020-12-08 10:40:23 +01:00
kcm
key af_key: relax availability checks for skb size calculation 2021-02-13 13:52:54 +01:00
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-22 09:32:47 +02:00
l3mdev
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc net: silence data-races on sk_backlog.tail 2020-10-01 13:17:15 +02:00
mac80211 mac80211: fix potential overflow when multiplying to u32 integers 2021-03-04 10:26:17 +01:00
mac802154 mac802154: tx: fix use-after-free 2020-10-01 13:18:17 +02:00
mpls
ncsi net/ncsi: Use real net-device for response handler 2021-01-12 20:16:13 +01:00
netfilter netfilter: conntrack: skip identical origin tuple in same zone only 2021-02-17 10:35:17 +01:00
netlabel netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() 2020-11-24 13:28:57 +01:00
netlink genetlink: remove genl_bind 2020-07-22 09:32:46 +02:00
netrom net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node 2020-04-29 16:33:08 +02:00
nfc NFC: fix possible resource leak 2021-02-03 23:26:01 +01:00
nsh
openvswitch net: openvswitch: ensure LSE is pullable before reading it 2020-12-08 10:40:27 +01:00
packet net/packet: fix overflow in tpacket_rcv 2020-09-09 19:12:29 +02:00
phonet
psample
qrtr net: qrtr: Fix port ID for control messages 2021-02-23 15:02:25 +01:00
rds net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS 2021-02-17 10:35:19 +01:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-24 13:29:05 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:40:23 +01:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-17 10:35:18 +01:00
sched net_sched: reject silly cell_log in qdisc_get_rtab() 2021-01-27 11:47:54 +01:00
sctp net: fix iteration for sctp transport seq_files 2021-02-17 10:35:19 +01:00
smc net/smc: fix direct access to ib_gid_addr->ndev in smc_ib_determine_gid() 2020-11-24 13:28:58 +01:00
strparser
sunrpc SUNRPC: Handle 0 length opaque XDR object data properly 2021-02-13 13:52:56 +01:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-02-07 15:35:46 +01:00
tipc tipc: fix NULL deref in tipc_link_xmit() 2021-01-23 15:58:00 +01:00
tls net/tls: Protect from calling tls_dev_del for TLS RX twice 2020-12-08 10:40:23 +01:00
unix skbuff: fix a data race in skb_queue_len() 2020-10-01 13:17:31 +02:00
vmw_vsock vsock: fix locking in vsock_shutdown() 2021-02-17 10:35:19 +01:00
wimax
wireless wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-02-03 23:25:56 +01:00
x25 net/x25: prevent a couple of overflows 2020-12-08 10:40:26 +01:00
xdp xsk: Replace datagram_poll by sock_poll_wait 2020-12-30 11:50:53 +01:00
xfrm xfrm: Fix wraparound in xfrm_policy_addr_delta() 2021-02-03 23:25:59 +01:00
compat.c net/compat: Add missing sock updates for SCM_RIGHTS 2020-08-21 13:05:25 +02:00
Kconfig
Makefile
socket.c net: Set fput_needed iff FDPUT_FPUT is set 2020-08-19 08:16:22 +02:00
sysctl_net.c