Commit 7ae215d2 authored by Joe Stringer's avatar Joe Stringer Committed by Alexei Starovoitov

bpf: Don't refcount LISTEN sockets in sk_assign()

Avoid taking a reference on listen sockets by checking the socket type
in the sk_assign and in the corresponding skb_steal_sock() code in the
the transport layer, and by ensuring that the prefetch free (sock_pfree)
function uses the same logic to check whether the socket is refcounted.
Suggested-by: default avatarMartin KaFai Lau <kafai@fb.com>
Signed-off-by: default avatarJoe Stringer <joe@wand.net.nz>
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Acked-by: default avatarMartin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20200329225342.16317-4-joe@wand.net.nz
parent 71489e21
...@@ -2537,6 +2537,21 @@ skb_sk_is_prefetched(struct sk_buff *skb) ...@@ -2537,6 +2537,21 @@ skb_sk_is_prefetched(struct sk_buff *skb)
#endif /* CONFIG_INET */ #endif /* CONFIG_INET */
} }
/* This helper checks if a socket is a full socket,
* ie _not_ a timewait or request socket.
*/
static inline bool sk_fullsock(const struct sock *sk)
{
return (1 << sk->sk_state) & ~(TCPF_TIME_WAIT | TCPF_NEW_SYN_RECV);
}
static inline bool
sk_is_refcounted(struct sock *sk)
{
/* Only full sockets have sk->sk_flags. */
return !sk_fullsock(sk) || !sock_flag(sk, SOCK_RCU_FREE);
}
/** /**
* skb_steal_sock * skb_steal_sock
* @skb to steal the socket from * @skb to steal the socket from
...@@ -2549,6 +2564,8 @@ skb_steal_sock(struct sk_buff *skb, bool *refcounted) ...@@ -2549,6 +2564,8 @@ skb_steal_sock(struct sk_buff *skb, bool *refcounted)
struct sock *sk = skb->sk; struct sock *sk = skb->sk;
*refcounted = true; *refcounted = true;
if (skb_sk_is_prefetched(skb))
*refcounted = sk_is_refcounted(sk);
skb->destructor = NULL; skb->destructor = NULL;
skb->sk = NULL; skb->sk = NULL;
return sk; return sk;
...@@ -2557,14 +2574,6 @@ skb_steal_sock(struct sk_buff *skb, bool *refcounted) ...@@ -2557,14 +2574,6 @@ skb_steal_sock(struct sk_buff *skb, bool *refcounted)
return NULL; return NULL;
} }
/* This helper checks if a socket is a full socket,
* ie _not_ a timewait or request socket.
*/
static inline bool sk_fullsock(const struct sock *sk)
{
return (1 << sk->sk_state) & ~(TCPF_TIME_WAIT | TCPF_NEW_SYN_RECV);
}
/* Checks if this SKB belongs to an HW offloaded socket /* Checks if this SKB belongs to an HW offloaded socket
* and whether any SW fallbacks are required based on dev. * and whether any SW fallbacks are required based on dev.
* Check decrypted mark in case skb_orphan() cleared socket. * Check decrypted mark in case skb_orphan() cleared socket.
......
...@@ -5401,8 +5401,7 @@ static const struct bpf_func_proto bpf_sk_lookup_udp_proto = { ...@@ -5401,8 +5401,7 @@ static const struct bpf_func_proto bpf_sk_lookup_udp_proto = {
BPF_CALL_1(bpf_sk_release, struct sock *, sk) BPF_CALL_1(bpf_sk_release, struct sock *, sk)
{ {
/* Only full sockets have sk->sk_flags. */ if (sk_is_refcounted(sk))
if (!sk_fullsock(sk) || !sock_flag(sk, SOCK_RCU_FREE))
sock_gen_put(sk); sock_gen_put(sk);
return 0; return 0;
} }
...@@ -5928,7 +5927,8 @@ BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags) ...@@ -5928,7 +5927,8 @@ BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags)
return -ENETUNREACH; return -ENETUNREACH;
if (unlikely(sk->sk_reuseport)) if (unlikely(sk->sk_reuseport))
return -ESOCKTNOSUPPORT; return -ESOCKTNOSUPPORT;
if (unlikely(!refcount_inc_not_zero(&sk->sk_refcnt))) if (sk_is_refcounted(sk) &&
unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
return -ENOENT; return -ENOENT;
skb_orphan(skb); skb_orphan(skb);
......
...@@ -2077,7 +2077,8 @@ EXPORT_SYMBOL(sock_efree); ...@@ -2077,7 +2077,8 @@ EXPORT_SYMBOL(sock_efree);
#ifdef CONFIG_INET #ifdef CONFIG_INET
void sock_pfree(struct sk_buff *skb) void sock_pfree(struct sk_buff *skb)
{ {
sock_gen_put(skb->sk); if (sk_is_refcounted(skb->sk))
sock_gen_put(skb->sk);
} }
EXPORT_SYMBOL(sock_pfree); EXPORT_SYMBOL(sock_pfree);
#endif /* CONFIG_INET */ #endif /* CONFIG_INET */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment