From: Joe Stringer <joe@wand.net.nz>
Date: Wed, 8 Apr 2020 03:35:40 +0000 (-0700)
Subject: bpf: Fix use of sk->sk_reuseport from sk_assign
X-Git-Tag: v5.15~4044^2~30^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8e368dc72e86ad1e1a612416f32d5ad22dca88bc;p=platform%2Fkernel%2Flinux-starfive.git

bpf: Fix use of sk->sk_reuseport from sk_assign

In testing, we found that for request sockets the sk->sk_reuseport field
may yet be uninitialized, which caused bpf_sk_assign() to randomly
succeed or return -ESOCKTNOSUPPORT when handling the forward ACK in a
three-way handshake.

Fix it by only applying the reuseport check for full sockets.

Fixes: cf7fbe660f2d ("bpf: Add socket assign support")
Signed-off-by: Joe Stringer <joe@wand.net.nz>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Link: https://lore.kernel.org/bpf/20200408033540.10339-1-joe@wand.net.nz
---

diff --git a/net/core/filter.c b/net/core/filter.c
index 7628b94..7d6ceaa 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5925,7 +5925,7 @@ BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags)
 		return -EOPNOTSUPP;
 	if (unlikely(dev_net(skb->dev) != sock_net(sk)))
 		return -ENETUNREACH;
-	if (unlikely(sk->sk_reuseport))
+	if (unlikely(sk_fullsock(sk) && sk->sk_reuseport))
 		return -ESOCKTNOSUPPORT;
 	if (sk_is_refcounted(sk) &&
 	    unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))