forked from luck/tmp_suning_uos_patched
597222f72a
Currently we check sk_user_data is non NULL to determine if the sk
exists in a map. However, this is not sufficient to ensure the psock
or the ULP ops are not in use by another user, such as kcm or TLS. To
avoid this when adding a sock to a map also verify it is of the
correct ULP type. Additionally, when releasing a psock verify that
it is the TCP_ULP_BPF type before releasing the ULP. The error case
where we abort an update due to ULP collision can cause this error
path.
For example,
__sock_map_ctx_update_elem()
[...]
err = tcp_set_ulp_id(sock, TCP_ULP_BPF) <- collides with TLS
if (err) <- so err out here
goto out_free
[...]
out_free:
smap_release_sock() <- calling tcp_cleanup_ulp releases the
TLS ULP incorrectly.
Fixes:
|
||
---|---|---|
.. | ||
arraymap.c | ||
bpf_lru_list.c | ||
bpf_lru_list.h | ||
btf.c | ||
cgroup.c | ||
core.c | ||
cpumap.c | ||
devmap.c | ||
disasm.c | ||
disasm.h | ||
hashtab.c | ||
helpers.c | ||
inode.c | ||
local_storage.c | ||
lpm_trie.c | ||
Makefile | ||
map_in_map.c | ||
map_in_map.h | ||
offload.c | ||
percpu_freelist.c | ||
percpu_freelist.h | ||
reuseport_array.c | ||
sockmap.c | ||
stackmap.c | ||
syscall.c | ||
tnum.c | ||
verifier.c | ||
xskmap.c |