[PATCH bpf v2 3/3] bpf, xdp: reject offloaded programs on link update

Next message: Jiayuan Chen: "[PATCH bpf v2 1/3] bpf, tcx: reject offloaded programs on attach"
Previous message: Shengjiu Wang: "[PATCH 4/5] ASoC: fsl-asoc-card: exclude S20_3LE format due to clock limitations"
In reply to: Jiayuan Chen: "[PATCH bpf v2 2/3] bpf, netkit: reject offloaded programs on attach"
Next in thread: Jiayuan Chen: "[PATCH bpf v2 1/3] bpf, tcx: reject offloaded programs on attach"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiayuan Chen

Date: Fri Apr 24 2026 - 06:43:23 EST

Same class of bug as the tcx/netkit fixes: bpf_xdp_link_update() calls
dev_xdp_install() directly and bypasses dev_xdp_attach(), so the offload
check in dev_xdp_attach() is skipped. A user can create an XDP link in
SKB or native mode with a regular program and then replace it via
BPF_LINK_UPDATE with an offloaded program, whose bpf_func is
bpf_prog_warn_on_exec(), tripping the WARN on the first packet.

Mirror the check from dev_xdp_attach(): reject when the link is not in
HW mode and the new program is offloaded.

Fixes: 026a4c28e1db3 ("bpf, xdp: Implement LINK_UPDATE for BPF XDP link")
Signed-off-by: Jiayuan Chen <jiayuan.chen@xxxxxxxxx>
---
net/core/dev.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/net/core/dev.c b/net/core/dev.c
index 831129f2a69b5..984d44b2a626d 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10648,6 +10648,11 @@ static int bpf_xdp_link_update(struct bpf_link *link, struct bpf_prog *new_prog,

netdev_lock_ops(xdp_link->dev);
mode = dev_xdp_mode(xdp_link->dev, xdp_link->flags);
+ if (mode != XDP_MODE_HW && bpf_prog_is_offloaded(new_prog->aux)) {
+ netdev_unlock_ops(xdp_link->dev);
+ err = -EINVAL;
+ goto out_unlock;
+ }
bpf_op = dev_xdp_bpf_op(xdp_link->dev, mode);
err = dev_xdp_install(xdp_link->dev, mode, bpf_op, NULL,
xdp_link->flags, new_prog);
--
2.43.0