Message ID | 20180521075558.11968-1-yuehaibing@huawei.com |
---|---|
State | Changes Requested, archived |
Delegated to: | BPF Maintainers |
Headers | show |
Series | bpf: check NULL for sk_to_full_sk() | expand |
On 05/21/2018 12:55 AM, YueHaibing wrote: > like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), > we should check sk_to_full_sk return value against NULL. > > Signed-off-by: YueHaibing <yuehaibing@huawei.com> > --- > include/linux/bpf-cgroup.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h > index 30d15e6..fd3fbeb 100644 > --- a/include/linux/bpf-cgroup.h > +++ b/include/linux/bpf-cgroup.h > @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor, > int __ret = 0; \ > if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ > typeof(sk) __sk = sk_to_full_sk(sk); \ > - if (sk_fullsock(__sk)) \ > + if (__sk && sk_fullsock(__sk)) \ > __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ > BPF_CGROUP_INET_EGRESS); \ > } \ > Why is this needed ???
On 2018/5/21 23:17, Eric Dumazet wrote: > > > On 05/21/2018 12:55 AM, YueHaibing wrote: >> like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), >> we should check sk_to_full_sk return value against NULL. >> >> Signed-off-by: YueHaibing <yuehaibing@huawei.com> >> --- >> include/linux/bpf-cgroup.h | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h >> index 30d15e6..fd3fbeb 100644 >> --- a/include/linux/bpf-cgroup.h >> +++ b/include/linux/bpf-cgroup.h >> @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor, >> int __ret = 0; \ >> if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ >> typeof(sk) __sk = sk_to_full_sk(sk); \ >> - if (sk_fullsock(__sk)) \ >> + if (__sk && sk_fullsock(__sk)) \ >> __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ >> BPF_CGROUP_INET_EGRESS); \ >> } \ >> > > Why is this needed ??? BPF_CGROUP_RUN_PROG_INET_EGRESS is called in ip_output I just misunderstood, sorry for noise. > >
diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index 30d15e6..fd3fbeb 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor, int __ret = 0; \ if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ typeof(sk) __sk = sk_to_full_sk(sk); \ - if (sk_fullsock(__sk)) \ + if (__sk && sk_fullsock(__sk)) \ __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ BPF_CGROUP_INET_EGRESS); \ } \
like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), we should check sk_to_full_sk return value against NULL. Signed-off-by: YueHaibing <yuehaibing@huawei.com> --- include/linux/bpf-cgroup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)