Commit 6ef6d84

pbhole authored and borkmann committed
bpf: sockmap: initialize sg table entries properly

When CONFIG_DEBUG_SG is set, sg->sg_magic is initialized in sg_init_table() and it is verified in the sg API while navigating. We hit BUG_ON when the magic check fails.

In functions sg_tcp_sendpage and sg_tcp_sendmsg, the struct containing the scatterlist is already zeroed out. So to avoid an extra memset, we use sg_init_marker() to initialize sg_magic.

Fixed the following things:
- In bpf_tcp_sendpage: initialize sg using sg_init_marker
- In bpf_tcp_sendmsg: Replace sg_init_table with sg_init_marker
- In bpf_tcp_push: Replace memset with sg_init_table where consumed sg entry needs to be re-initialized.

Signed-off-by: Prashant Bhole <[email protected]>
Acked-by: John Fastabend <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
1 parent f385178 commit 6ef6d84

1 file changed, +8 -5 lines changed
kernel/bpf/sockmap.c

@@ -341,7 +341,7 @@ static int bpf_tcp_push(struct sock *sk, int apply_bytes,
341341
md->sg_start++;
342342
if (md->sg_start == MAX_SKB_FRAGS)
343343
md->sg_start = 0;
344-
memset(sg, 0, sizeof(*sg));
344+
sg_init_table(sg, 1);
345345

346346
if (md->sg_start == md->sg_end)
347347
break;
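
Review bot: the switch from memset() to sg_init_table(sg, 1) in bpf_tcp_push needs a short comment at the call site, since the reason (restoring sg_magic under CONFIG_DEBUG_SG after the consumed entry is cleared) is only in the commit message. sg_init_table() also sets the end marker on the last entry it is given, so with nents of 1 the cleared slot inside the sg_data ring is now flagged as end of list; please confirm that a later sg_set_page() on the reused slot and the send path tolerate that, or clear it with sg_unmark_end() where the slot is refilled.
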
@@ -843,7 +843,7 @@ static int bpf_tcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
843843
}
844844

845845
sg = md.sg_data;
846-
sg_init_table(sg, MAX_SKB_FRAGS);
846+
sg_init_marker(sg, MAX_SKB_FRAGS);
847847
rcu_read_unlock();
848848

849849
lock_sock(sk);
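
Review bot: sg_init_marker(sg, MAX_SKB_FRAGS) in bpf_tcp_sendmsg no longer clears md.sg_data, so correctness now depends on md being zeroed before this point, which the hunk does not show. Add a comment here, or next to the declaration of md, stating that the struct is zero-initialized and that sg_init_marker() relies on it, so a later change to the declaration does not leave stale page_link or length values in the table.
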
@@ -950,18 +950,21 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page,
950950

951951
lock_sock(sk);
952952

953-
if (psock->cork_bytes)
953+
if (psock->cork_bytes) {
954954
m = psock->cork;
955-
else
955+
sg = &m->sg_data[m->sg_end];
956+
} else {
956957
m = &md;
958+
sg = m->sg_data;
959+
sg_init_marker(sg, MAX_SKB_FRAGS);
960+
}
957961

958962
/* Catch case where ring is full and sendpage is stalled. */
959963
if (unlikely(m->sg_end == m->sg_start &&
960964
m->sg_data[m->sg_end].length))
961965
goto out_err;
962966

963967
psock->sg_size += size;
964-
sg = &m->sg_data[m->sg_end];
965968
sg_set_page(sg, page, size, offset);
966969
get_page(page);
967970
m->sg_copy[m->sg_end] = true;
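
Review bot: in bpf_tcp_sendpage the two branches now derive sg differently, `sg = &m->sg_data[m->sg_end];` in the cork case and `sg = m->sg_data;` in the else case, which is only equivalent if md.sg_end is 0 for a fresh md. Keeping the single assignment after the ring-full check and calling sg_init_marker(m->sg_data, MAX_SKB_FRAGS) in the else branch would avoid that implicit assumption and make the diff smaller. The cork branch adds no marker initialization, so it relies on psock->cork having been initialized where it was set up; a comment saying so would help.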
