Lorenz Bauer wrote:
> The sock map code checks that a socket does not have an active upper
> layer protocol before inserting it into the map. This requires casting
> via inet_csk, which isn't valid for UDP sockets.
>
> Guard checks for ULP by checking inet_sk(sk)->is_icsk first.
>
> Signed-off-by: Lorenz Bauer <lmb@xxxxxxxxxxxxxx>
> ---
> include/linux/skmsg.h | 8 +++++++-
> net/core/sock_map.c | 11 +++++++----
> 2 files changed, 14 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h
> index 112765bd146d..54a9a3e36b29 100644
> --- a/include/linux/skmsg.h
> +++ b/include/linux/skmsg.h
> @@ -360,7 +360,13 @@ static inline void sk_psock_restore_proto(struct sock *sk,
> struct sk_psock *psock)
> {
> sk->sk_prot->unhash = psock->saved_unhash;
> - tcp_update_ulp(sk, psock->sk_proto, psock->saved_write_space);
> + if (inet_sk(sk)->is_icsk) {
use sock_map_sk_has_ulp() here as well and then drop the !icsk->icsk_ulp_ops
case in tcp_update_ulp()?
> + tcp_update_ulp(sk, psock->sk_proto, psock->saved_write_space);
> + } else {
> + sk->sk_write_space = psock->saved_write_space;
> + /* Pairs with lockless read in sk_clone_lock() */
> + WRITE_ONCE(sk->sk_prot, psock->sk_proto);
> + }
> }
>
> static inline void sk_psock_set_state(struct sk_psock *psock,
> diff --git a/net/core/sock_map.c b/net/core/sock_map.c
> index 2e0f465295c3..695ecacc7afa 100644
> --- a/net/core/sock_map.c
> +++ b/net/core/sock_map.c
> @@ -94,6 +94,11 @@ static void sock_map_sk_release(struct sock *sk)
> release_sock(sk);
> }
>
> +static bool sock_map_sk_has_ulp(struct sock *sk)
> +{
> + return inet_sk(sk)->is_icsk && !!inet_csk(sk)->icsk_ulp_ops;
> +}
> +
> static void sock_map_add_link(struct sk_psock *psock,
> struct sk_psock_link *link,
> struct bpf_map *map, void *link_raw)
> @@ -384,7 +389,6 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx,
> struct sock *sk, u64 flags)
> {
> struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
> - struct inet_connection_sock *icsk = inet_csk(sk);
> struct sk_psock_link *link;
> struct sk_psock *psock;
> struct sock *osk;
> @@ -395,7 +399,7 @@ static int sock_map_update_common(struct bpf_map *map, u32 idx,
> return -EINVAL;
> if (unlikely(idx >= map->max_entries))
> return -E2BIG;
> - if (unlikely(rcu_access_pointer(icsk->icsk_ulp_data)))
> + if (sock_map_sk_has_ulp(sk))
> return -EINVAL;
>
> link = sk_psock_init_link();
> @@ -738,7 +742,6 @@ static int sock_hash_update_common(struct bpf_map *map, void *key,
> struct sock *sk, u64 flags)
> {
> struct bpf_htab *htab = container_of(map, struct bpf_htab, map);
> - struct inet_connection_sock *icsk = inet_csk(sk);
> u32 key_size = map->key_size, hash;
> struct bpf_htab_elem *elem, *elem_new;
> struct bpf_htab_bucket *bucket;
> @@ -749,7 +752,7 @@ static int sock_hash_update_common(struct bpf_map *map, void *key,
> WARN_ON_ONCE(!rcu_read_lock_held());
> if (unlikely(flags > BPF_EXIST))
> return -EINVAL;
> - if (unlikely(icsk->icsk_ulp_data))
> + if (sock_map_sk_has_ulp(sk))
> return -EINVAL;
>
> link = sk_psock_init_link();
> --
> 2.20.1
>
