Jeongjun Park wrote:
> In the previous commit, bpf_net_context handling was added to
> tun_sendmsg() and do_xdp_generic(), but if you write code like this,
> bpf_net_context overlaps in the call trace below, causing various
> memory corruptions.

I'm no expert on this code, but commit 401cb7dae813 that introduced
bpf_net_ctx_set explicitly states that nested calls are allowed.

And the function does imply that:

static inline struct bpf_net_context *bpf_net_ctx_set(struct bpf_net_context *bpf_net_ctx)
{
	struct task_struct *tsk = current;

	if (tsk->bpf_net_context != NULL)
		return NULL;
	bpf_net_ctx->ri.kern_flags = 0;

	tsk->bpf_net_context = bpf_net_ctx;
	return bpf_net_ctx;
}

> <Call trace>
> ...
> tun_sendmsg() // bpf_net_ctx_set()
> tun_xdp_one()
> do_xdp_generic() // bpf_net_ctx_set() <-- nested
> ...
>
> This patch removes the bpf_net_context handling that exists in
> do_xdp_generic() and modifies it to handle it in the parent function.

Is tun_xdp_one missing? That also calls do_xdp_generic.
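
Added example, not part of the message above and not kernel code: a user-space C model of how the quoted bpf_net_ctx_set() behaves when a set/clear pair is nested inside another, as in the quoted call trace. model_task, inner_level() and outer_level() are hypothetical names, and the body of bpf_net_ctx_clear() is an assumption modeled on the kernel helper of that name, which the message does not show.

```c
#include <stddef.h>
#include <stdio.h>

struct bpf_redirect_info { unsigned int kern_flags; };
struct bpf_net_context { struct bpf_redirect_info ri; };
struct task_struct { struct bpf_net_context *bpf_net_context; };

/* Stand-in for the kernel's per-task "current" (model_task is hypothetical). */
static struct task_struct model_task;
static struct task_struct *current = &model_task;

/* Same logic as the helper quoted in the message. */
static struct bpf_net_context *bpf_net_ctx_set(struct bpf_net_context *bpf_net_ctx)
{
	struct task_struct *tsk = current;
	if (tsk->bpf_net_context != NULL)
		return NULL;	/* nested call: the outer context stays installed */
	bpf_net_ctx->ri.kern_flags = 0;
	tsk->bpf_net_context = bpf_net_ctx;
	return bpf_net_ctx;
}

/* Assumed counterpart: clears only if this caller installed a context. */
static void bpf_net_ctx_clear(struct bpf_net_context *bpf_net_ctx)
{
	if (bpf_net_ctx)
		current->bpf_net_context = NULL;
}

/* Inner level, in the position of do_xdp_generic() in the quoted trace.
 * Returns 1 if its set was refused and the outer context is still installed. */
static int inner_level(struct bpf_net_context *outer)
{
	struct bpf_net_context inner_ctx, *got = bpf_net_ctx_set(&inner_ctx);

	bpf_net_ctx_clear(got);	/* no-op when got == NULL */
	return got == NULL && current->bpf_net_context == outer;
}

/* Outer level, in the position of tun_sendmsg() in the quoted trace. */
static int outer_level(void)
{
	struct bpf_net_context outer_ctx, *got = bpf_net_ctx_set(&outer_ctx);
	int ok = got == &outer_ctx && inner_level(&outer_ctx);

	bpf_net_ctx_clear(got);
	return ok && current->bpf_net_context == NULL;
}

int main(void) { printf("nested ok: %d\n", outer_level()); return 0; }
```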