[PATCH OLK-5.10 2/7] bpf, sockmap: Fix map type error in sock_map_del_link

From: Xu Kuohai xukuohai@huawei.com

mainline inclusion from mainline-v6.5-rc6 commit 7e96ec0e6605b69bb21bbf6c0ff9051e656ec2b1 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7DNAP CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...

--------------------------------

sock_map_del_link() operates on both SOCKMAP and SOCKHASH, although both types have member named "progs", the offset of "progs" member in these two types is different, so "progs" should be accessed with the real map type.

Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Xu Kuohai xukuohai@huawei.com Reviewed-by: John Fastabend john.fastabend@gmail.com Link: https://lore.kernel.org/r/20230804073740.194770-2-xukuohai@huaweicloud.com Signed-off-by: Martin KaFai Lau martin.lau@kernel.org Signed-off-by: Liu Jian liujian56@huawei.com

Conflicts: net/core/sock_map.c --- net/core/sock_map.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 66b7f3fb01ed..93f2b7893095 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -24,6 +24,8 @@ struct bpf_stab { #define SOCK_CREATE_FLAG_MASK \ (BPF_F_NUMA_NODE | BPF_F_RDONLY | BPF_F_WRONLY)

+static struct sk_psock_progs *sock_map_progs(struct bpf_map *map); + static struct bpf_map *sock_map_alloc(union bpf_attr *attr) { struct bpf_stab *stab; @@ -157,11 +159,11 @@ static void sock_map_del_link(struct sock *sk, list_for_each_entry_safe(link, tmp, &psock->link, list) { if (link->link_raw == link_raw) { struct bpf_map *map = link->map; - struct bpf_stab *stab = container_of(map, struct bpf_stab, - map); - if (psock->parser.enabled && stab->progs.skb_parser) + struct sk_psock_progs *progs = sock_map_progs(map); + + if (psock->parser.enabled && progs->skb_parser) strp_stop = true; - if (psock->parser.enabled && stab->progs.skb_verdict) + if (psock->parser.enabled && progs->skb_verdict) verdict_stop = true; list_del(&link->list); sk_psock_free_link(link);