[PATCH bpf v2 0/4] bpf: Update transport_header when encapsulating UDP tunnel in lwt

Next message: Michael S. Tsirkin: "[PATCH v9 09/37] mm: hugetlb: thread user_addr through gigantic page allocation"
Previous message: Mathieu Poirier: "Re: [PATCH v3 0/2] remoteproc: xlnx: add auto-boot support"
Next in thread: Leon Hwang: "[PATCH bpf v2 1/4] bpf: Fix TOCTOU issue in lwt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Leon Hwang

Date: Fri May 29 2026 - 11:46:05 EST

Currently, bpf_lwt_push_ip_encap() does not update skb->transport_header.
When a driver, e.g. ice, reuses the stale skb->transport_header to
offload checksum computation to NIC hardware, VxLAN packets encapsulated
by bpf_lwt_push_encap() helper may be dropped due to incorrect checksum.

Update skb->transport_header in bpf_lwt_push_ip_encap() whenever the
encapsulated packet uses UDP, so checksum offload works correctly.

Fix these two issues reported by sashiko:

1. memcpy() hdr to a local buffer to avoid TOCTOU issue.
1. "iph->ihl < 5" was missing to avoid infinite-loop in MIPS driver.

Changes:
v1 -> v2:
* Address sashiko's reviews:
* Fix TOCTOU issue in lwt to avoid changing hdr after checks.
* Add check iph->ihl < 5 in lwt to avoid infinite-loop in MIPS driver.
* Update comment style in selftests with BPF comment style.
* v1: https://lore.kernel.org/bpf/20260525142650.2569-1-leon.hwang@xxxxxxxxx/

Leon Hwang (4):
bpf: Fix TOCTOU issue in lwt
bpf: Add check iph->ihl < 5 in lwt
bpf: Update transport_header when encapsulating UDP tunnel in lwt
selftests/bpf: Add tests to verify the fix of encapsulating VxLAN in
lwt

net/core/lwt_bpf.c | 20 ++-
.../selftests/bpf/prog_tests/lwt_ip_encap.c | 158 ++++++++++++++++++
.../selftests/bpf/progs/test_lwt_ip_encap.c | 112 +++++++++++++
.../bpf/progs/test_lwt_ip_encap_fix.c | 36 ++++
4 files changed, 323 insertions(+), 3 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/test_lwt_ip_encap_fix.c

--
2.54.0