Re: [PATCH v6 bpf 0/4] lwt: fix return values of BPF ops

[Daniel Borkmann]

On 8/18/23 4:58 AM, Yan Zhai wrote:
> lwt xmit hook does not expect positive return values in function
> ip_finish_output2 and ip6_finish_output. However, BPF programs can
> directly return positive statuses such like NET_XMIT_DROP, NET_RX_DROP,
> and etc to the caller. Such return values would make the kernel continue
> processing already freed skbs and eventually panic.
>
> This set fixes the return values from BPF ops to unexpected continue
> processing, checks strictly on the correct continue condition for
> future proof. In addition, add missing selftests for BPF redirect
> and reroute cases for BPF-CI.
>
> v5: https://lore.kernel.org/bpf/cover.1692153515.git.yan@xxxxxxxxxxxxxx/
> v4: https://lore.kernel.org/bpf/ZMD1sFTW8SFiex+x@debian.debian/T/
> v3: https://lore.kernel.org/bpf/cover.1690255889.git.yan@xxxxxxxxxxxxxx/
> v2: https://lore.kernel.org/netdev/ZLdY6JkWRccunvu0@debian.debian/
> v1: https://lore.kernel.org/bpf/ZLbYdpWC8zt9EJtq@debian.debian/
>
> changes since v5:
>   * fix BPF-CI failures due to missing config and busybox ping issue

Series looks good, thanks! Given we're fairly close to merge window and
this has been broken for quite some time, I took this into bpf-next.

Thanks,
Daniel