[PATCH bpf v5] bpf: Fixed segment issue when downgrade gso_size

From: Fred Li
Date: Sun Jul 21 2024 - 23:09:04 EST


Linearize skb when downgrading gso_size to prevent triggering
the BUG_ON during skb segmentation as described in [1].

v5 changes:
- add bpf subject prefix.
- adjust message to imperative mood.

v4 changes:
- add fixed tag.

v3 changes:
- linearize skb if having frag_list as Willem de Bruijn suggested [2].

[1] https://lore.kernel.org/all/20240626065555.35460-2-dracodingfly@xxxxxxxxx/
[2] https://lore.kernel.org/all/668d5cf1ec330_1c18c32947@xxxxxxxxxxxxxxxxxxxxxx.notmuch/

Fixes: 2be7e212d541 ("bpf: add bpf_skb_adjust_room helper")
Signed-off-by: Fred Li <dracodingfly@xxxxxxxxx>
---
net/core/filter.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index df4578219e82..71396ecfc574 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3525,13 +3525,21 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
if (skb_is_gso(skb)) {
struct skb_shared_info *shinfo = skb_shinfo(skb);

- /* Due to header grow, MSS needs to be downgraded. */
- if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
- skb_decrease_gso_size(shinfo, len_diff);
-
/* Header must be checked, and gso_segs recomputed. */
shinfo->gso_type |= gso_type;
shinfo->gso_segs = 0;
+
+ /* Due to header grow, MSS needs to be downgraded.
+ * There is BUG_ON when segment the frag_list with
+ * head_frag true so linearize skb after downgrade
+ * the MSS.
+ */
+ if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) {
+ skb_decrease_gso_size(shinfo, len_diff);
+ if (shinfo->frag_list)
+ return skb_linearize(skb);
+ }
+
}

return 0;
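Review bot: the early `return skb_linearize(skb);` leaves the skb with gso_size already decreased, gso_type OR-ed in and gso_segs zeroed when linearization fails with -ENOMEM, so bpf_skb_adjust_room() reports an error on a partially modified skb; either move `skb_decrease_gso_size()` and the shinfo updates after a successful `skb_linearize()`, or state in the comment that the packet is dropped on that path. Two smaller points in the same hunk: `if (shinfo->frag_list)` would read more idiomatically as the existing `skb_has_frag_list(skb)` helper, and the added blank `+` line directly before the closing `}` will draw a checkpatch warning; the new comment would also be clearer as "skb_segment() hits a BUG_ON when splitting a frag_list skb with head_frag set, so linearize the skb after lowering the MSS."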
--
2.33.0