git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Yan Zhai <yan@cloudflare.com>
	Fri, 18 Aug 2023 02:58:14 +0000 (19:58 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 13 Sep 2023 07:48:05 +0000 (09:48 +0200)
commit	84f40e85bdc16106b7059901c8b223a98dbc3626
tree	843fcaac6ee7cd6bc65be88c5ea2af7b4d87aa5c	tree
parent	d68c17402442f5f494a2c3ebde5cb82f6aa9160a	commit \| diff

lwt: Check LWTUNNEL_XMIT_CONTINUE strictly

[ Upstream commit a171fbec88a2c730b108c7147ac5e7b2f5a02b47 ]

LWTUNNEL_XMIT_CONTINUE is implicitly assumed in ip(6)_finish_output2,
such that any positive return value from a xmit hook could cause
unexpected continue behavior, despite that related skb may have been
freed. This could be error-prone for future xmit hook ops. One of the
possible errors is to return statuses of dst_output directly.

To make the code safer, redefine LWTUNNEL_XMIT_CONTINUE value to
distinguish from dst_output statuses and check the continue
condition explicitly.

Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure")
Suggested-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Yan Zhai <yan@cloudflare.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/96b939b85eda00e8df4f7c080f770970a4c5f698.1692326837.git.yan@cloudflare.com
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/lwtunnel.h		diff \| blob \| blame \| history
net/ipv4/ip_output.c		diff \| blob \| blame \| history
net/ipv6/ip6_output.c		diff \| blob \| blame \| history