[PATCH bpf-next v4 0/2] bpf, sockmap: disallow sockmap mutation from tc, xdp, socket_filter and flow_dissector

From: Sechang Lim

Date: Tue Jun 30 2026 - 11:00:15 EST


A tc, xdp, socket_filter or flow_dissector program updating or deleting
a sockmap deadlocks on stab->lock vs sk_callback_lock and has no reason
to. Patch 1 disallows it in may_update_sockmap(); patch 2 drops the
selftests that exercised it.

v4:
- also drop BPF_PROG_TYPE_SOCKET_FILTER (John Fastabend)

v3:
- https://lore.kernel.org/all/20260629172704.1302218-1-rhkrqnwk98@xxxxxxxxx/

v2:
- https://lore.kernel.org/all/20260620034632.2308-1-rhkrqnwk98@xxxxxxxxx/

v1:
- https://lore.kernel.org/all/20260616091153.2966617-1-rhkrqnwk98@xxxxxxxxx/

Sechang Lim (2):
bpf, sockmap: disallow update and delete from tc, xdp, socket_filter
and flow_dissector
selftests/bpf: drop tc/xdp/flow_dissector/socket_filter sockmap
mutation tests

kernel/bpf/verifier.c | 5 --
.../selftests/bpf/prog_tests/fexit_bpf2bpf.c | 13 -----
.../selftests/bpf/prog_tests/sockmap_basic.c | 52 -------------------
.../bpf/progs/freplace_cls_redirect.c | 34 ------------
.../selftests/bpf/progs/test_sockmap_update.c | 48 -----------------
.../bpf/progs/verifier_sockmap_mutate.c | 12 ++---
6 files changed, 6 insertions(+), 158 deletions(-)
delete mode 100644 tools/testing/selftests/bpf/progs/freplace_cls_redirect.c
delete mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_update.c

--
2.43.0