From: Werner Kasselman
To: Martin KaFai Lau, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
CC: John Fastabend, Lawrence Brakmo, Eduard Zingerman, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, "David S . Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, "bpf@vger.kernel.org", "netdev@vger.kernel.org", "linux-kernel@vger.kernel.org", Werner Kasselman
Subject: [PATCH v2 1/3] bpf: zero dst_reg on sock_ops field guard failure when dst == src
Date: Sun, 12 Apr 2026 03:03:10 +0000
Message-ID: <20260412030306.3469543-2-werner@verivus.com>
References: <20260412030306.3469543-1-werner@verivus.com>
In-Reply-To: <20260412030306.3469543-1-werner@verivus.com>

When a BPF_PROG_TYPE_SOCK_OPS program reads a tcp_sock-backed context field (e.g. ctx->snd_ssthresh) or ctx->sk using the same register for source and destination, SOCK_OPS_GET_FIELD() and SOCK_OPS_GET_SK() load is_locked_tcp_sock/is_fullsock into a scratch register rather than into dst_reg. On the guard-failure branch the macro only restores the scratch register before falling through, leaving dst_reg holding the unchanged context pointer.

Callers expect dst_reg to read as a scalar 0 when the guard fails. Instead the BPF program sees a kernel heap address, which the verifier has already typed as a scalar, giving a narrow kernel pointer leak.

Clang does not emit the dst == src pattern for normal C ctx field reads, but it is reachable via inline asm and hand-written BPF.

Add an explicit BPF_MOV64_IMM(dst_reg, 0) on the failure path in both macros and bump the success-path BPF_JMP_A() to skip over it.

Found via AST-based call-graph analysis using sqry.

Fixes: fd09af010788 ("bpf: sock_ops ctx access may stomp registers in corner case")
Fixes: 84f44df664e9 ("bpf: sock_ops sk access may stomp registers when dst_reg = src_reg")
Cc: stable@vger.kernel.org
Signed-off-by: Werner Kasselman
--- net/core/filter.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 78b548158fb0..53ce06ed4a88 100644 --- a/net/core/filter.c +++ b/net/core/filter.c 
@@ -10581,10 +10581,11 @@ static u32 sock_ops_convert_ctx_access(enum bpf_a= ccess_type type, si->dst_reg, si->dst_reg, \ offsetof(OBJ, OBJ_FIELD)); \ if (si->dst_reg =3D=3D si->src_reg) { \ - *insn++ =3D BPF_JMP_A(1); \ + *insn++ =3D BPF_JMP_A(2); \ *insn++ =3D BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ offsetof(struct bpf_sock_ops_kern, \ temp)); \ + *insn++ =3D BPF_MOV64_IMM(si->dst_reg, 0); \ } \ } while (0) =20 
@@ -10618,10 +10619,11 @@ static u32 sock_ops_convert_ctx_access(enum bpf_a= ccess_type type, si->dst_reg, si->src_reg, \ offsetof(struct bpf_sock_ops_kern, sk));\ if (si->dst_reg =3D=3D si->src_reg) { \ - *insn++ =3D BPF_JMP_A(1); \ + *insn++ =3D BPF_JMP_A(2); \ *insn++ =3D BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ offsetof(struct bpf_sock_ops_kern, \ temp)); \ + *insn++ =3D BPF_MOV64_IMM(si->dst_reg, 0); \ } \ } while (0) =20 --=20 2.43.0
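
Review bot: In the first hunk (SOCK_OPS_GET_FIELD), the added BPF_MOV64_IMM(si->dst_reg, 0) is correct only because it is emitted after the BPF_LDX_MEM(BPF_DW, reg, si->src_reg, ... temp) restore, and nothing in the macro records that. Inside this si->dst_reg == si->src_reg block the restore reads through the same register that the MOV clears, so swapping the two instructions would make the restore load through a zeroed base. A one-line comment above the MOV saying that the scratch restore has to come first would protect the ordering against later reshuffling.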
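
Review bot: In the second hunk (SOCK_OPS_GET_SK), BPF_JMP_A(2) is a hand-counted offset that has to equal the number of instructions emitted after it in the block, and the same jump, restore and zeroing tail now exists in both macros. A comment such as "skip scratch restore + dst_reg zeroing", or a shared helper for the tail, would keep the count from drifting in one copy. The diffstat for this patch touches only net/core/filter.c, and the commit message says clang does not emit dst == src for normal C reads, so an inline-asm selftest covering the guard-failure path would be worth adding if no other patch in the series carries one.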
From: Werner Kasselman
To: Martin KaFai Lau, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
CC: John Fastabend, Lawrence Brakmo, Eduard Zingerman, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, "David S . Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, "bpf@vger.kernel.org", "netdev@vger.kernel.org", "linux-kernel@vger.kernel.org", Werner Kasselman
Subject: [PATCH v2 2/3] bpf: extract SOCK_OPS_LOAD_TCP_SOCK_FIELD from SOCK_OPS_GET_FIELD
Date: Sun, 12 Apr 2026 03:03:12 +0000
Message-ID: <20260412030306.3469543-3-werner@verivus.com>
References: <20260412030306.3469543-1-werner@verivus.com>
In-Reply-To: <20260412030306.3469543-1-werner@verivus.com>

Split the tcp_sock field load sequence out of SOCK_OPS_GET_FIELD() into SOCK_OPS_LOAD_TCP_SOCK_FIELD(FIELD_SIZE, FIELD_OFFSET) so it can be reused for fields that are not direct struct members.

No functional change.

Signed-off-by: Werner Kasselman
--- net/core/filter.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 53ce06ed4a88..385fc3e9eb4a 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -10544,12 +10544,10 @@ static u32 sock_ops_convert_ctx_access(enum bpf_a= ccess_type type, struct bpf_insn *insn =3D insn_buf; int off; =20 -/* Helper macro for adding read access to tcp_sock or sock fields. */ -#define SOCK_OPS_GET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ) \ +/* Helper macro for adding guarded read access to tcp_sock fields. */ +#define SOCK_OPS_LOAD_TCP_SOCK_FIELD(FIELD_SIZE, FIELD_OFFSET) \ do { \ int fullsock_reg =3D si->dst_reg, reg =3D BPF_REG_9, jmp =3D 2; \ - BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > \ - sizeof_field(struct bpf_sock_ops, BPF_FIELD)); \ if (si->dst_reg =3D=3D reg || si->src_reg =3D=3D reg) \ reg--; \ if (si->dst_reg =3D=3D reg || si->src_reg =3D=3D reg) \ 
@@ -10576,10 +10574,9 @@ static u32 sock_ops_convert_ctx_access(enum bpf_ac= cess_type type, struct bpf_sock_ops_kern, sk),\ si->dst_reg, si->src_reg, \ offsetof(struct bpf_sock_ops_kern, sk));\ - *insn++ =3D BPF_LDX_MEM(BPF_FIELD_SIZEOF(OBJ, \ - OBJ_FIELD), \ + *insn++ =3D BPF_LDX_MEM(FIELD_SIZE, \ si->dst_reg, si->dst_reg, \ - offsetof(OBJ, OBJ_FIELD)); \ + FIELD_OFFSET); \ if (si->dst_reg =3D=3D si->src_reg) { \ *insn++ =3D BPF_JMP_A(2); \ *insn++ =3D BPF_LDX_MEM(BPF_DW, reg, si->src_reg, \ 
@@ -10589,6 +10586,14 @@ static u32 sock_ops_convert_ctx_access(enum bpf_ac= cess_type type, } \ } while (0) =20 +#define SOCK_OPS_GET_FIELD(BPF_FIELD, OBJ_FIELD, OBJ) \ + do { \ + BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > \ + sizeof_field(struct bpf_sock_ops, BPF_FIELD)); \ + SOCK_OPS_LOAD_TCP_SOCK_FIELD(BPF_FIELD_SIZEOF(OBJ, OBJ_FIELD),\ + offsetof(OBJ, OBJ_FIELD)); \ + } while (0) + #define SOCK_OPS_GET_SK() \ do { \ int fullsock_reg =3D si->dst_reg, reg =3D BPF_REG_9, jmp =3D 1; \ --=20 2.43.0
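
Review bot: In the first hunk, dropping the BUILD_BUG_ON(sizeof_field(OBJ, OBJ_FIELD) > sizeof_field(struct bpf_sock_ops, BPF_FIELD)) from the macro body leaves SOCK_OPS_LOAD_TCP_SOCK_FIELD with no compile-time check that the loaded width fits the bpf_sock_ops field it backs; the check survives only in the SOCK_OPS_GET_FIELD wrapper re-added in the last hunk. Since the stated purpose is reuse for fields that are not direct struct members, the macro comment should say that each direct caller owes its own size check, or the macro should take the destination field and assert on it.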
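
Review bot: In the second hunk, the first argument of BPF_LDX_MEM(FIELD_SIZE, ...) has to be a BPF size code, which is what the wrapper passes via BPF_FIELD_SIZEOF(OBJ, OBJ_FIELD), but the parameter name FIELD_SIZE reads like a byte count and invites a future caller to pass sizeof(...). Renaming it (for example BPF_SIZE) or stating the expected values in the macro comment would remove that trap.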
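
Review bot: In the last hunk, the re-added SOCK_OPS_GET_FIELD carries no comment, and the only remaining one (first hunk) now says "guarded read access to tcp_sock fields" where the original said "tcp_sock or sock fields", although the wrapper still accepts an arbitrary OBJ. Put a short comment on the wrapper that keeps the "tcp_sock or sock" wording and names the is_locked_tcp_sock guard it inherits, so readers do not have to expand the inner macro to learn what is checked.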
From: Werner Kasselman
To: Martin KaFai Lau, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
CC: John Fastabend, Lawrence Brakmo, Eduard Zingerman, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, "David S . Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, "bpf@vger.kernel.org", "netdev@vger.kernel.org", "linux-kernel@vger.kernel.org", Werner Kasselman
Subject: [PATCH v2 3/3] bpf: guard sock_ops rtt_min against non-locked tcp_sock
Date: Sun, 12 Apr 2026 03:03:14 +0000
Message-ID: <20260412030306.3469543-4-werner@verivus.com>
References: <20260412030306.3469543-1-werner@verivus.com>
In-Reply-To: <20260412030306.3469543-1-werner@verivus.com>

sock_ops_convert_ctx_access() reads rtt_min without the is_locked_tcp_sock guard used for every other tcp_sock field. On request_sock-backed sock_ops callbacks, sk points at a tcp_request_sock and the converted load reads past the end of the allocation.

Use SOCK_OPS_LOAD_TCP_SOCK_FIELD() so the load is guarded, and compute the offset via offsetof(struct minmax_sample, v).

Found via AST-based call-graph analysis using sqry.

Fixes: 44f0e43037d3 ("bpf: Add support for reading sk_state and more")
Cc: stable@vger.kernel.org
Signed-off-by: Werner Kasselman

--- net/core/filter.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/net/core/filter.c b/net/core/filter.c index 385fc3e9eb4a..88fa290caeaa 100644 --- a/net/core/filter.c +++ b/net/core/filter.c
@@ -10836,14 +10836,12 @@ static u32 sock_ops_convert_ctx_access(enum bpf_a= ccess_type type, sizeof(struct minmax)); BUILD_BUG_ON(sizeof(struct minmax) < sizeof(struct minmax_sample)); + BUILD_BUG_ON(offsetof(struct tcp_sock, rtt_min) + + offsetof(struct minmax_sample, v) > S16_MAX); =20 - *insn++ =3D BPF_LDX_MEM(BPF_FIELD_SIZEOF( - struct bpf_sock_ops_kern, sk), - si->dst_reg, si->src_reg, - offsetof(struct bpf_sock_ops_kern, sk)); - *insn++ =3D BPF_LDX_MEM(BPF_W, si->dst_reg, si->dst_reg, - offsetof(struct tcp_sock, rtt_min) + - sizeof_field(struct minmax_sample, t)); + off =3D offsetof(struct tcp_sock, rtt_min) + + offsetof(struct minmax_sample, v); + SOCK_OPS_LOAD_TCP_SOCK_FIELD(BPF_W, off); break; =20 case offsetof(struct bpf_sock_ops, bpf_sock_ops_cb_flags): --=20 2.43.0
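
Review bot: The added SOCK_OPS_LOAD_TCP_SOCK_FIELD(BPF_W, off) line depends on a macro that is not defined anywhere in this hunk and on an "off" variable the hunk does not declare, yet the patch carries Cc: stable and a Fixes: tag. If the macro comes from an earlier patch in this series, please say so in the commit message so that a backport picks up the dependency, and confirm that "off" is already declared in sock_ops_convert_ctx_access(). The message also says only that the load is "guarded": it should state what value a BPF program now reads for rtt_min when the is_locked_tcp_sock check fails, since that is a behaviour change visible to existing programs on request_sock-backed callbacks. Replacing sizeof_field(struct minmax_sample, t) with offsetof(struct minmax_sample, v) and adding the S16_MAX BUILD_BUG_ON both look right; a short comment that the bound exists because the BPF instruction offset is a signed 16-bit field would make the intent clear to the next reader.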