[PATCH bpf 2/2] bpf, netkit: reject offloaded programs on attach

From: Jiayuan Chen

Date: Wed Apr 22 2026 - 23:39:39 EST


Same issue as the tcx fix: netkit accepts SCHED_CLS programs but never
checks if they were loaded for hardware offload. If someone loads a
program with prog_ifindex pointing to an offload-capable device and then
attaches it to a netkit peer, the bpf_func is bpf_prog_warn_on_exec()
and the first packet triggers the WARN.

Reject offloaded programs in both netkit_prog_attach() and
netkit_link_attach().

Fixes: 35dfaad7188cd ("netkit, bpf: Add bpf programmable net device")
Signed-off-by: Jiayuan Chen <jiayuan.chen@xxxxxxxxx>
---
drivers/net/netkit.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/drivers/net/netkit.c b/drivers/net/netkit.c
index 5c0e01396e064..c4f764034c90f 100644
--- a/drivers/net/netkit.c
+++ b/drivers/net/netkit.c
@@ -533,6 +533,9 @@ int netkit_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog)
struct net_device *dev;
int ret;

+ if (bpf_prog_is_offloaded(prog->aux))
+ return -EINVAL;
+
rtnl_lock();
dev = netkit_dev_fetch(current->nsproxy->net_ns, attr->target_ifindex,
attr->attach_type);
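Review bot: The new check at the top of netkit_prog_attach() carries no comment, so a reader of netkit.c alone cannot tell why an offloaded program is refused here. The reason is only in the commit message (bpf_func is bpf_prog_warn_on_exec() for such programs and the first packet triggers the WARN). A one-line comment above `if (bpf_prog_is_offloaded(prog->aux))` saying that offloaded programs must never run on the host datapath would keep that rationale next to the code. Placing the check before rtnl_lock() is correct, since the early `return -EINVAL;` then needs no unlock path.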
@@ -788,6 +791,9 @@ int netkit_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)
struct net_device *dev;
int ret;

+ if (bpf_prog_is_offloaded(prog->aux))
+ return -EINVAL;
+
rtnl_lock();
dev = netkit_dev_fetch(current->nsproxy->net_ns,
attr->link_create.target_ifindex,
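Review bot: The check added to netkit_link_attach() is a verbatim copy of the three lines added to netkit_prog_attach(), so any further attach entry point has to remember to repeat it. Consider a small helper called from both functions, or performing the test once in a path both share, so the rejection cannot be missed in one of them. The patch also touches only drivers/net/netkit.c, so nothing here exercises the new -EINVAL return; a selftest that loads a SCHED_CLS program with prog_ifindex set and asserts that both attach paths fail would guard against regressions.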
--
2.43.0