Willem de Bruijn wrote:
> I'm no expert on this code, but commit 401cb7dae813 that introduced
> bpf_net_ctx_set explicitly states that nested calls are allowed.
>
> And the function does imply that:
>
> static inline struct bpf_net_context *bpf_net_ctx_set(struct bpf_net_context *bpf_net_ctx)
> {
> 	struct task_struct *tsk = current;
>
> 	if (tsk->bpf_net_context != NULL)
> 		return NULL;
> 	bpf_net_ctx->ri.kern_flags = 0;
>
> 	tsk->bpf_net_context = bpf_net_ctx;
> 	return bpf_net_ctx;
> }

I'm not an expert on this code either. As you said, there is a possibility that the bug is not caused by overlapping calls, but various memory corruptions are occurring due to the handling of bpf_net_context in do_xdp_generic. Therefore, it is appropriate to modify it to handle it in the parent function rather than in do_xdp_generic.

> Is tun_xdp_one missing? That also calls do_xdp_generic.

This is no problem since tun_xdp_one is only called from tun_sendmsg and tun_sendmsg already does the bpf_net_context handling.

Regards,
Jeongjun Park.
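
A user-space model of the nested-call behaviour discussed in this message, added here as an example and not code from the thread or the kernel tree. bpf_net_ctx_set follows the quoted helper; bpf_net_ctx_clear is modelled on the kernel helper of that name (not shown on the page, so its body is an assumption), and model_task, callee_with_own_ctx and parent_ctx_survives_callee are hypothetical stand-ins.

```c
#include <stddef.h>

/* Minimal user-space stand-ins for the kernel types (constructed for this model). */
struct bpf_net_context { struct { unsigned int kern_flags; } ri; };
struct task_struct { struct bpf_net_context *bpf_net_context; };
static struct task_struct model_task;
#define current (&model_task)

/* Same logic as the helper quoted in the message. */
static struct bpf_net_context *bpf_net_ctx_set(struct bpf_net_context *bpf_net_ctx)
{
	struct task_struct *tsk = current;
	if (tsk->bpf_net_context != NULL)
		return NULL;	/* nested call: an outer caller owns the slot */
	bpf_net_ctx->ri.kern_flags = 0;
	tsk->bpf_net_context = bpf_net_ctx;
	return bpf_net_ctx;
}

/* Assumed counterpart: clears only when the matching set() took ownership. */
static void bpf_net_ctx_clear(struct bpf_net_context *bpf_net_ctx)
{
	if (bpf_net_ctx)
		current->bpf_net_context = NULL;
}

/* Hypothetical callee with its own set/clear pair; returns 1 if it ran nested. */
static int callee_with_own_ctx(void)
{
	struct bpf_net_context ctx, *owned = bpf_net_ctx_set(&ctx);
	int nested = (owned == NULL);
	bpf_net_ctx_clear(owned);	/* no-op when nested */
	return nested;
}

/* Hypothetical parent; returns 1 if its context outlived the callee's clear. */
static int parent_ctx_survives_callee(void)
{
	struct bpf_net_context ctx, *owned = bpf_net_ctx_set(&ctx);
	int intact;
	callee_with_own_ctx();
	intact = (current->bpf_net_context == &ctx);
	bpf_net_ctx_clear(owned);
	return intact;
}

int main(void) { return !(callee_with_own_ctx() == 0 && parent_ctx_survives_callee() == 1); }
```

In this model the nested set returns NULL, so the inner clear leaves the parent's pointer in place and the slot is released only by the owner.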