Stanislav Fomichev <stfomichev@xxxxxxxxx> writes:
> On 01/23, Toke Høiland-Jørgensen wrote:
>> Marcus Wichelmann <marcus.wichelmann@xxxxxxxxxxxxxxxx> writes:
>>
>> > There is probably a check missing somewhere that prevents the use of
>> > these kfuncs in the scope of do_xdp_generic?
>>
>> Heh, yeah, we should definitely block device-bound programs from being
>> attached in generic mode. Something like the below, I guess. Care to
>> test that out?
>>
>> -Toke
>>
>> diff --git a/net/core/dev.c b/net/core/dev.c
>> index afa2282f2604..c1fa68264989 100644
>> --- a/net/core/dev.c
>> +++ b/net/core/dev.c
>> @@ -9924,6 +9924,10 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
>> NL_SET_ERR_MSG(extack, "Program bound to different device");
>> return -EINVAL;
>> }
>> + if (bpf_prog_is_dev_bound(new_prog->aux) && mode == XDP_MODE_SKB) {
>> + NL_SET_ERR_MSG(extack, "Can't attach device-bound programs in generic mode");
>> + return -EINVAL;
>> + }
>> if (new_prog->expected_attach_type == BPF_XDP_DEVMAP) {
>> NL_SET_ERR_MSG(extack, "BPF_XDP_DEVMAP programs can not be attached to a device");
>> return -EINVAL;
>>
>
> I'm assuming you'll properly post a patch at some point?
>
> Acked-by: Stanislav Fomichev <sdf@xxxxxxxxxxx>
Yes, will do - thanks for the ACK!
> Might be a good idea to extend bpf_offload.py with that condition.
Right, I'll take a look.
-Toke
