This is a note to let you know that I've just added the patch titled
bpf, sockmap: Remove skb_orphan and let normal skb_kfree do cleanup
to the 5.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
bpf-sockmap-remove-skb_orphan-and-let-normal-skb_kfr.patch
and it can be found in the queue-5.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit eb299b7eccea3503395e699dc9de284f3cbf5941
Author: John Fastabend <john.fastabend@xxxxxxxxx>
Date: Fri Oct 9 11:37:35 2020 -0700
bpf, sockmap: Remove skb_orphan and let normal skb_kfree do cleanup
[ Upstream commit 10d58d006356a075a7b056e0f6502db416d1a261 ]
Calling skb_orphan() is unnecessary in the strp rcv handler because the skb
is from a skb_clone() in __strp_recv. So it never has a destructor or a
sk assigned. Plus its confusing to read because it might hint to the reader
that the skb could have an sk assigned which is not true. Even if we did
have an sk assigned it would be cleaner to simply wait for the upcoming
kfree_skb().
Additionally, move the comment about strparser clone up so its closer to
the logic it is describing and add to it so that it is more complete.
Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@xxxxxxxxx>
Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
Link: https://lore.kernel.org/bpf/160226865548.5692.9098315689984599579.stgit@john-Precision-5820-Tower
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 6a32a1fd34f8c..053472c48354b 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -662,15 +662,16 @@ static int sk_psock_bpf_run(struct sk_psock *psock, struct bpf_prog *prog,
{
int ret;
+ /* strparser clones the skb before handing it to a upper layer,
+ * meaning we have the same data, but sk is NULL. We do want an
+ * sk pointer though when we run the BPF program. So we set it
+ * here and then NULL it to ensure we don't trigger a BUG_ON()
+ * in skb/sk operations later if kfree_skb is called with a
+ * valid skb->sk pointer and no destructor assigned.
+ */
skb->sk = psock->sk;
bpf_compute_data_end_sk_skb(skb);
ret = bpf_prog_run_pin_on_cpu(prog, skb);
- /* strparser clones the skb before handing it to a upper layer,
- * meaning skb_orphan has been called. We NULL sk on the way out
- * to ensure we don't trigger a BUG_ON() in skb/sk operations
- * later and because we are not charging the memory of this skb
- * to any socket yet.
- */
skb->sk = NULL;
return ret;
}
@@ -795,7 +796,6 @@ static void sk_psock_strp_read(struct strparser *strp, struct sk_buff *skb)
}
prog = READ_ONCE(psock->progs.skb_verdict);
if (likely(prog)) {
- skb_orphan(skb);
tcp_skb_bpf_redirect_clear(skb);
ret = sk_psock_bpf_run(psock, prog, skb);
ret = sk_psock_map_verd(ret, tcp_skb_bpf_redirect_fetch(skb));
