Re: [PATCH] bpf: check NULL for sk_to_full_sk()
On 2018/5/21 23:17, Eric Dumazet wrote: > > > On 05/21/2018 12:55 AM, YueHaibing wrote: >> like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return >> value"), >> we should check sk_to_full_sk return value against NULL. >> >> Signed-off-by: YueHaibing>> --- >> include/linux/bpf-cgroup.h | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h >> index 30d15e6..fd3fbeb 100644 >> --- a/include/linux/bpf-cgroup.h >> +++ b/include/linux/bpf-cgroup.h >> @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 >> major, u32 minor, >> int __ret = 0; \ >> if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ >> typeof(sk) __sk = sk_to_full_sk(sk); \ >> -if (sk_fullsock(__sk)) \ >> +if (__sk && sk_fullsock(__sk)) \ >> __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ >>BPF_CGROUP_INET_EGRESS); \ >> } \ >> > > Why is this needed ??? BPF_CGROUP_RUN_PROG_INET_EGRESS is called in ip_output I just misunderstood, sorry for noise. > >
Re: [PATCH] bpf: check NULL for sk_to_full_sk()
On 2018/5/21 23:17, Eric Dumazet wrote: > > > On 05/21/2018 12:55 AM, YueHaibing wrote: >> like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return >> value"), >> we should check sk_to_full_sk return value against NULL. >> >> Signed-off-by: YueHaibing >> --- >> include/linux/bpf-cgroup.h | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h >> index 30d15e6..fd3fbeb 100644 >> --- a/include/linux/bpf-cgroup.h >> +++ b/include/linux/bpf-cgroup.h >> @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 >> major, u32 minor, >> int __ret = 0; \ >> if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ >> typeof(sk) __sk = sk_to_full_sk(sk); \ >> -if (sk_fullsock(__sk)) \ >> +if (__sk && sk_fullsock(__sk)) \ >> __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ >>BPF_CGROUP_INET_EGRESS); \ >> } \ >> > > Why is this needed ??? BPF_CGROUP_RUN_PROG_INET_EGRESS is called in ip_output I just misunderstood, sorry for noise. > >
Re: [PATCH] bpf: check NULL for sk_to_full_sk()
On 05/21/2018 12:55 AM, YueHaibing wrote: > like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), > we should check sk_to_full_sk return value against NULL. > > Signed-off-by: YueHaibing> --- > include/linux/bpf-cgroup.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h > index 30d15e6..fd3fbeb 100644 > --- a/include/linux/bpf-cgroup.h > +++ b/include/linux/bpf-cgroup.h > @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 > major, u32 minor, > int __ret = 0; \ > if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ > typeof(sk) __sk = sk_to_full_sk(sk); \ > - if (sk_fullsock(__sk)) \ > + if (__sk && sk_fullsock(__sk)) \ > __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ > BPF_CGROUP_INET_EGRESS); \ > } \ > Why is this needed ???
Re: [PATCH] bpf: check NULL for sk_to_full_sk()
On 05/21/2018 12:55 AM, YueHaibing wrote: > like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), > we should check sk_to_full_sk return value against NULL. > > Signed-off-by: YueHaibing > --- > include/linux/bpf-cgroup.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h > index 30d15e6..fd3fbeb 100644 > --- a/include/linux/bpf-cgroup.h > +++ b/include/linux/bpf-cgroup.h > @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 > major, u32 minor, > int __ret = 0; \ > if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ > typeof(sk) __sk = sk_to_full_sk(sk); \ > - if (sk_fullsock(__sk)) \ > + if (__sk && sk_fullsock(__sk)) \ > __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ > BPF_CGROUP_INET_EGRESS); \ > } \ > Why is this needed ???
[PATCH] bpf: check NULL for sk_to_full_sk()
like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), we should check sk_to_full_sk return value against NULL. Signed-off-by: YueHaibing--- include/linux/bpf-cgroup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index 30d15e6..fd3fbeb 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor, int __ret = 0; \ if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ typeof(sk) __sk = sk_to_full_sk(sk); \ - if (sk_fullsock(__sk)) \ + if (__sk && sk_fullsock(__sk)) \ __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ BPF_CGROUP_INET_EGRESS); \ } \ -- 2.7.0
[PATCH] bpf: check NULL for sk_to_full_sk()
like commit df39a9f106d5 ("bpf: check NULL for sk_to_full_sk() return value"), we should check sk_to_full_sk return value against NULL. Signed-off-by: YueHaibing --- include/linux/bpf-cgroup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index 30d15e6..fd3fbeb 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -91,7 +91,7 @@ int __cgroup_bpf_check_dev_permission(short dev_type, u32 major, u32 minor, int __ret = 0; \ if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ typeof(sk) __sk = sk_to_full_sk(sk); \ - if (sk_fullsock(__sk)) \ + if (__sk && sk_fullsock(__sk)) \ __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ BPF_CGROUP_INET_EGRESS); \ } \ -- 2.7.0