From nobody Fri Jun 19 10:14:24 2026 Received: from out-170.mta0.migadu.com (out-170.mta0.migadu.com [91.218.175.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AA83D38B7DB for ; Fri, 24 Apr 2026 10:42:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777027354; cv=none; b=MEXFR2/lhoIBw7MEZCB2yKS+ipOPud4iSU5B7xyy0W5I8Pof7NzTZMsAwGFyzmZH46EQUKRz7EVyX2Jb+la0N7tOJ8bWHGPs48UEzoKTiB2chsNd4Ta5WTUQAbIKWKr+ovvlMpw0LsBRr+8/ohrMGMs673/2NZXQW8iC9eQwwyM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777027354; c=relaxed/simple; bh=KYN5vQK9o4itUNm01aqvLz11z6UGNL1p5CAu4M7+vn0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BCHAwE00QztJeJ87AuRxnU6T0wfbahxOxqfsHtjO9bAnrUjubWgo2sX0YYgn5cPHSimQCym8MGguzxMAzCVjNhyUc6q0fOaRBCij1Wu1BywnJwsfsgAg+RqqLu5bwJlnCUCbGtJILLNBAhcCOj3CRUU331TbYjmAyfJJ/29BXJM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=uvDVvc/A; arc=none smtp.client-ip=91.218.175.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="uvDVvc/A" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1777027349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/a9gKZ5swoURq09zQknYGoxq1uz7/i9spgkhwJ2l2tQ=; b=uvDVvc/A3ArsBiQ6LZAuJ35hbQrJfEwtrbrZr8Q94B3hiLudKd1nEAVKVtfF8TGMq+wZVM +Ucx0nJ3s7Q8x/Gs38jO8ngmmiSsq81avcxF0phDu/uGKElmmE/0a+NW4kLQynFcneu4hk 9a8LI6WRj3YmFJc4I3YvEPQ3jKcEsDs= From: Jiayuan Chen To: bpf@vger.kernel.org Cc: Jiayuan Chen , Yinhao Hu , Kaiyan Mei , Dongliang Mu , Daniel Borkmann , Nikolay Aleksandrov , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Martin KaFai Lau , John Fastabend , Stanislav Fomichev , Alexei Starovoitov , Andrii Nakryiko , Eduard Zingerman , Kumar Kartikeya Dwivedi , Song Liu , Yonghong Song , Jiri Olsa , Simon Horman , Jesper Dangaard Brouer , Willem de Bruijn , Samiullah Khawaja , Hangbin Liu , Krishna Kumar , Kuniyuki Iwashima , =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH bpf v2 1/3] bpf, tcx: reject offloaded programs on attach Date: Fri, 24 Apr 2026 18:41:40 +0800 Message-ID: <20260424104201.217604-2-jiayuan.chen@linux.dev> In-Reply-To: <20260424104201.217604-1-jiayuan.chen@linux.dev> References: <20260424104201.217604-1-jiayuan.chen@linux.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" An offloaded prog's bpf_func is replaced by bpf_prog_warn_on_exec(), since it's supposed to run on the NIC, not the host. But tcx doesn't check this and happily attaches it to the software path, so the first packet hits the WARN. XDP already guards this in dev_xdp_attach(); tcx just never got the same check. Add it to tcx_prog_attach(), tcx_link_attach() and also tcx_link_update() so the fix cannot be bypassed by loading a normal program and then swapping it out via BPF_LINK_UPDATE. Use bpf_prog_is_offloaded() rather than bpf_prog_is_dev_bound() + bpf_offload_dev_match() (as XDP does): bpf_prog_dev_bound_init() already rejects BPF_F_XDP_DEV_BOUND_ONLY for BPF_PROG_TYPE_SCHED_CLS, so a dev-bound SCHED_CLS program is always offloaded. The simpler check is sufficient and also rejects attaching a program offloaded to device A onto device B. Fixes: e420bed025071 ("bpf: Add fd-based tcx multi-prog infra with link sup= port") Reported-by: Yinhao Hu Reported-by: Kaiyan Mei Reported-by: Dongliang Mu Closes: https://lore.kernel.org/bpf/64d8e2b5-a214-4f3c-b9e8-bcedbcb2c602@hu= st.edu.cn/ Signed-off-by: Jiayuan Chen --- kernel/bpf/tcx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/kernel/bpf/tcx.c b/kernel/bpf/tcx.c index 02db0113b8e7c..1144627483d53 100644 --- a/kernel/bpf/tcx.c +++ b/kernel/bpf/tcx.c @@ -16,6 +16,9 @@ int tcx_prog_attach(const union bpf_attr *attr, struct bp= f_prog *prog) struct net_device *dev; int ret; =20 + if (bpf_prog_is_offloaded(prog->aux)) + return -EINVAL; + rtnl_lock(); dev =3D __dev_get_by_index(net, attr->target_ifindex); if (!dev) { @@ -209,6 +212,9 @@ static int tcx_link_update(struct bpf_link *link, struc= t bpf_prog *nprog, struct net_device *dev; int ret =3D 0; =20 + if (bpf_prog_is_offloaded(nprog->aux)) + return -EINVAL; + rtnl_lock(); dev =3D tcx->dev; if (!dev) { @@ -315,6 +321,9 @@ int tcx_link_attach(const union bpf_attr *attr, struct = bpf_prog *prog) struct tcx_link *tcx; int ret; =20 + if (bpf_prog_is_offloaded(prog->aux)) + return -EINVAL; + rtnl_lock(); dev =3D __dev_get_by_index(net, attr->link_create.target_ifindex); if (!dev) { --=20 2.43.0 From nobody Fri Jun 19 10:14:24 2026 Received: from out-177.mta0.migadu.com (out-177.mta0.migadu.com [91.218.175.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CBA5638B7BA for ; Fri, 24 Apr 2026 10:42:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777027365; cv=none; b=B0/q7TCfRGbPRo//ZzCjvHaqsZRu95zBL9iDFLSAuaWXpSYT/O7S/mEobGQ3MGdJsg8hbi5Lb6c09lNC3r+kijVCIXRrkmJu+m3uQDrSj0oUp3r76klugVDc18fon1IrCXw3tNEynoU3gmz0pcxXR4veHs/QjJnypxG3WkinceI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777027365; c=relaxed/simple; bh=wpabQn1ol/qItAAjOBPAvpNVjKrZhE/WdQTRvEr4a78=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Tepdzr96ZFMIXHGQLK3wLcSlbZRhFzQ+ybXot+YtIaqoXDG67bvWF4fge6HNDcOGBex3Nq1ecBnZpTidTYsaF3iON+JC3Zga2Bcuu9dig7FAfVVItYbJOClwqUh+FwkBBB/oMzQKpQl6XcS50gXkCnrYUjaWcT4pqzTTJmTVR64= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=TJ2F6pv8; arc=none smtp.client-ip=91.218.175.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="TJ2F6pv8" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1777027361; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Jk7ozpk8BJdqj1K1xG4zup/ZZJh6Q5ZPNMKI0G/5YVU=; b=TJ2F6pv8tfnL3d8biVvAVVopk33/6mK7bR+gtjdDvF0cBiNmG9u+ahJPTZn934Ig7jbqWE An/JgFz9B4Mq6XI99mwkUdJs2KxvH9f17sMaz2lni0DvKZxZDnnyJoMq0gzvlePjsmVim1 TdVkc0i7rlyroI+gnDdGNGddffpa/TY= From: Jiayuan Chen To: bpf@vger.kernel.org Cc: Jiayuan Chen , Daniel Borkmann , Nikolay Aleksandrov , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Martin KaFai Lau , John Fastabend , Stanislav Fomichev , Alexei Starovoitov , Andrii Nakryiko , Eduard Zingerman , Kumar Kartikeya Dwivedi , Song Liu , Yonghong Song , Jiri Olsa , Simon Horman , Jesper Dangaard Brouer , Willem de Bruijn , Samiullah Khawaja , Hangbin Liu , Krishna Kumar , Kuniyuki Iwashima , =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH bpf v2 2/3] bpf, netkit: reject offloaded programs on attach Date: Fri, 24 Apr 2026 18:41:41 +0800 Message-ID: <20260424104201.217604-3-jiayuan.chen@linux.dev> In-Reply-To: <20260424104201.217604-1-jiayuan.chen@linux.dev> References: <20260424104201.217604-1-jiayuan.chen@linux.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" Same issue as the tcx fix: netkit accepts SCHED_CLS programs but never checks if they were loaded for hardware offload. If someone loads a program with prog_ifindex pointing to an offload-capable device and then attaches it to a netkit peer, the bpf_func is bpf_prog_warn_on_exec() and the first packet triggers the WARN. Reject offloaded programs in netkit_prog_attach(), netkit_link_attach() and netkit_link_update(). Fixes: 35dfaad7188cd ("netkit, bpf: Add bpf programmable net device") Signed-off-by: Jiayuan Chen --- drivers/net/netkit.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/net/netkit.c b/drivers/net/netkit.c index 5c0e01396e064..dae4d7b24d80e 100644 --- a/drivers/net/netkit.c +++ b/drivers/net/netkit.c @@ -533,6 +533,9 @@ int netkit_prog_attach(const union bpf_attr *attr, stru= ct bpf_prog *prog) struct net_device *dev; int ret; =20 + if (bpf_prog_is_offloaded(prog->aux)) + return -EINVAL; + rtnl_lock(); dev =3D netkit_dev_fetch(current->nsproxy->net_ns, attr->target_ifindex, attr->attach_type); @@ -683,6 +686,9 @@ static int netkit_link_update(struct bpf_link *link, st= ruct bpf_prog *nprog, struct net_device *dev; int ret =3D 0; =20 + if (bpf_prog_is_offloaded(nprog->aux)) + return -EINVAL; + rtnl_lock(); dev =3D nkl->dev; if (!dev) { @@ -788,6 +794,9 @@ int netkit_link_attach(const union bpf_attr *attr, stru= ct bpf_prog *prog) struct net_device *dev; int ret; =20 + if (bpf_prog_is_offloaded(prog->aux)) + return -EINVAL; + rtnl_lock(); dev =3D netkit_dev_fetch(current->nsproxy->net_ns, attr->link_create.target_ifindex, --=20 2.43.0 From nobody Fri Jun 19 10:14:24 2026 Received: from out-186.mta0.migadu.com (out-186.mta0.migadu.com [91.218.175.186]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CC13A38B7B4 for ; Fri, 24 Apr 2026 10:42:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.186 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777027377; cv=none; b=U7CC54pQT3YMxYdEkWrVAOXQbnXOgZia0idDeT2Of+wJGlhA+oAebkkcoDKaigAmaLdM/7uWlPhJP5XVhCkYnHJKJoIvZ9+4JTACS0iL6PRnC5oT9qN6HneVC9Wfs1LjF8MqxzoOMkS3FrbqooSh4nKza4jTfPZbzihGlSKdq38= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777027377; c=relaxed/simple; bh=J6qvBnUnGRiCjvCO3qjwKnrny5t6sSycWD3gPp2ZMVk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=IRldx+3p0gOD4v3HQQ6QTCfVSjsYeVArdbRoR8HVc/7/1m+ehveBxUiauCvsvNHgawYDmEFV6VNrSK9js73L1FezBcL3HX3Jje2PdQlet6DXFEqahsn624gNH6jbGckVB33EzV5uWglK6qHHA9hArhIhlyNW/T1nyyt0NBov9EI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=skpCDb1F; arc=none smtp.client-ip=91.218.175.186 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="skpCDb1F" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1777027373; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5gmf5JLyBQRilWmxu/Ad4jSduwr5kfWqh68zcLQ0kQs=; b=skpCDb1FaAOVr4mBDpYBEGhYX/Edi8xM8T45kPJxvYawq/JTXP9aqyipHWmbjlB//UYh1b mZQFt9/IBgiB7SvtBLeBaqRXZryxVh5CvvqFkhSRWv3MgBHPfYneRQGjtp6/z287GYXvJv wgDC6WJKu9IN568nCXRQ9zCQlu/993s= From: Jiayuan Chen To: bpf@vger.kernel.org Cc: Jiayuan Chen , Daniel Borkmann , Nikolay Aleksandrov , Andrew Lunn , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Martin KaFai Lau , John Fastabend , Stanislav Fomichev , Alexei Starovoitov , Andrii Nakryiko , Eduard Zingerman , Kumar Kartikeya Dwivedi , Song Liu , Yonghong Song , Jiri Olsa , Simon Horman , Jesper Dangaard Brouer , Willem de Bruijn , Samiullah Khawaja , Hangbin Liu , Krishna Kumar , Kuniyuki Iwashima , =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH bpf v2 3/3] bpf, xdp: reject offloaded programs on link update Date: Fri, 24 Apr 2026 18:41:42 +0800 Message-ID: <20260424104201.217604-4-jiayuan.chen@linux.dev> In-Reply-To: <20260424104201.217604-1-jiayuan.chen@linux.dev> References: <20260424104201.217604-1-jiayuan.chen@linux.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Migadu-Flow: FLOW_OUT Content-Type: text/plain; charset="utf-8" Same class of bug as the tcx/netkit fixes: bpf_xdp_link_update() calls dev_xdp_install() directly and bypasses dev_xdp_attach(), so the offload check in dev_xdp_attach() is skipped. A user can create an XDP link in SKB or native mode with a regular program and then replace it via BPF_LINK_UPDATE with an offloaded program, whose bpf_func is bpf_prog_warn_on_exec(), tripping the WARN on the first packet. Mirror the check from dev_xdp_attach(): reject when the link is not in HW mode and the new program is offloaded. Fixes: 026a4c28e1db3 ("bpf, xdp: Implement LINK_UPDATE for BPF XDP link") Signed-off-by: Jiayuan Chen --- net/core/dev.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/core/dev.c b/net/core/dev.c index 831129f2a69b5..984d44b2a626d 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -10648,6 +10648,11 @@ static int bpf_xdp_link_update(struct bpf_link *li= nk, struct bpf_prog *new_prog, =20 netdev_lock_ops(xdp_link->dev); mode =3D dev_xdp_mode(xdp_link->dev, xdp_link->flags); + if (mode !=3D XDP_MODE_HW && bpf_prog_is_offloaded(new_prog->aux)) { + netdev_unlock_ops(xdp_link->dev); + err =3D -EINVAL; + goto out_unlock; + } bpf_op =3D dev_xdp_bpf_op(xdp_link->dev, mode); err =3D dev_xdp_install(xdp_link->dev, mode, bpf_op, NULL, xdp_link->flags, new_prog); --=20 2.43.0