On 01/23, Toke Høiland-Jørgensen wrote:
> Marcus Wichelmann <marcus.wichelmann@xxxxxxxxxxxxxxxx> writes:
>
> > There is probably a check missing somewhere that prevents the use of
> > these kfuncs in the scope of do_xdp_generic?
>
> Heh, yeah, we should definitely block device-bound programs from being
> attached in generic mode. Something like the below, I guess. Care to
> test that out?
>
> -Toke
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index afa2282f2604..c1fa68264989 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -9924,6 +9924,10 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
> NL_SET_ERR_MSG(extack, "Program bound to different device");
> return -EINVAL;
> }
> + if (bpf_prog_is_dev_bound(new_prog->aux) && mode == XDP_MODE_SKB) {
> + NL_SET_ERR_MSG(extack, "Can't attach device-bound programs in generic mode");
> + return -EINVAL;
> + }
> if (new_prog->expected_attach_type == BPF_XDP_DEVMAP) {
> NL_SET_ERR_MSG(extack, "BPF_XDP_DEVMAP programs can not be attached to a device");
> return -EINVAL;
>
I'm assuming you'll properly post a patch at some point?
Acked-by: Stanislav Fomichev <sdf@xxxxxxxxxxx>
Might be a good idea to extend bpf_offload.py with that condition.
