From: Xu Kuohai <xukuohai@huawei.com> mainline inclusion from mainline-v6.5-rc6 commit 7e96ec0e6605b69bb21bbf6c0ff9051e656ec2b1 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7DNAP CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- sock_map_del_link() operates on both SOCKMAP and SOCKHASH, although both types have member named "progs", the offset of "progs" member in these two types is different, so "progs" should be accessed with the real map type. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Xu Kuohai <xukuohai@huawei.com> Reviewed-by: John Fastabend <john.fastabend@gmail.com> Link: https://lore.kernel.org/r/20230804073740.194770-2-xukuohai@huaweicloud.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Signed-off-by: Liu Jian <liujian56@huawei.com> Conflicts: net/core/sock_map.c
---
 net/core/sock_map.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 66b7f3fb01ed..93f2b7893095 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -24,6 +24,8 @@ struct bpf_stab {
 #define SOCK_CREATE_FLAG_MASK \
 (BPF_F_NUMA_NODE | BPF_F_RDONLY | BPF_F_WRONLY)
 
+static struct sk_psock_progs *sock_map_progs(struct bpf_map *map);
+
 static struct bpf_map *sock_map_alloc(union bpf_attr *attr)
 {
 struct bpf_stab *stab;
@@ -157,11 +159,11 @@ static void sock_map_del_link(struct sock *sk,
 list_for_each_entry_safe(link, tmp, &psock->link, list) {
 if (link->link_raw == link_raw) {
 struct bpf_map *map = link->map;
- struct bpf_stab *stab = container_of(map, struct bpf_stab,
- map);
- if (psock->parser.enabled && stab->progs.skb_parser)
+ struct sk_psock_progs *progs = sock_map_progs(map);
+
+ if (psock->parser.enabled && progs->skb_parser)
 strp_stop = true;
- if (psock->parser.enabled && stab->progs.skb_verdict)
+ if (psock->parser.enabled && progs->skb_verdict)
 verdict_stop = true;
 list_del(&link->list);
 sk_psock_free_link(link);
-- 
2.34.1
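Review bot: The pointer returned by `sock_map_progs(map)` is dereferenced in both `progs->skb_parser` and `progs->skb_verdict` without a NULL check. The helper's body is not part of this patch (only its forward declaration is added in the first hunk), so whether it can return NULL for an unexpected map type cannot be confirmed from here. If it can, either state the invariant next to the call, e.g. `/* link->map is always a SOCKMAP or SOCKHASH, so progs is non-NULL */`, or guard the two tests as `progs && progs->skb_parser` and `progs && progs->skb_verdict`. The same comment would also record that `link->map` may be either map type, which helps keep a later edit from reintroducing a `container_of()` on `struct bpf_stab` at this spot. `sock_map_del_link()` starts and ends outside the hunk.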