Re: [PATCH] bpf: Check the return value of dev_get_by_index_rcu()
From: Daniel Borkmann
Date: Fri Nov 20 2020 - 11:02:28 EST
On 11/20/20 4:19 PM, David Ahern wrote:
On 11/20/20 8:13 AM, Daniel Borkmann wrote:
[ +David ]
On 11/19/20 8:04 AM, xiakaixu1987@xxxxxxxxx wrote:
From: Kaixu Xia <kaixuxia@xxxxxxxxxxx>
The return value of dev_get_by_index_rcu() can be NULL, so here it
is need to check the return value and return error code if it is NULL.
Signed-off-by: Kaixu Xia <kaixuxia@xxxxxxxxxxx>
---
net/core/filter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 2ca5eecebacf..1263fe07170a 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5573,6 +5573,8 @@ BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *,
skb,
struct net_device *dev;
dev = dev_get_by_index_rcu(net, params->ifindex);
+ if (unlikely(!dev))
+ return -EINVAL;
if (!is_skb_forwardable(dev, skb))
rc = BPF_FIB_LKUP_RET_FRAG_NEEDED;
rcu lock is held right? It is impossible for dev to return NULL here.
Yes, we're under RCU read side. Was wondering whether we could unlink it
from the list but not yet free it, but also that seems not possible since
we'd first need to close it which already has a synchronize_net(). So not
an issue what Kaixu describes in the commit msg, agree.