diff options
| author |   Daniel Borkmann <daniel@iogearbox.net> | 2016-09-23 01:28:35 +0200 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2016-09-23 08:40:27 -0400 |
| commit | 2d48c5f9335e48ddac7a52db10bf3bfd01986b9c (patch) | |
| tree | 8d151ae6b835443eed4fe639c90162a346fe0c7c /net/core/filter.c | |
| parent | Merge branch 'hv_netvsc-next' (diff) | |
| download | linux-dev-2d48c5f9335e48ddac7a52db10bf3bfd01986b9c.tar.xz linux-dev-2d48c5f9335e48ddac7a52db10bf3bfd01986b9c.zip | |
bpf: use skb_to_full_sk helper in bpf_skb_under_cgroup
We need to use skb_to_full_sk() helper introduced in commit bd5eb35f16a9
("xfrm: take care of request sockets") as otherwise we miss tcp synack
messages, since ownership is on request socket and therefore it would
miss the sk_fullsock() check. Use skb_to_full_sk() as also done similarly
in the bpf_get_cgroup_classid() helper via 2309236c13fe ("cls_cgroup:
get sk_classid only from full sockets") fix to not let this fall through.
Fixes: 4a482f34afcc ("cgroup: bpf: Add bpf_skb_in_cgroup_proto")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/filter.c')
| -rw-r--r-- | net/core/filter.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 0920c2ac1d00..e5d997759d5e 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2408,7 +2408,7 @@ BPF_CALL_3(bpf_skb_under_cgroup, struct sk_buff *, skb, struct bpf_map *, map, struct cgroup *cgrp; struct sock *sk; - sk = skb->sk; + sk = skb_to_full_sk(skb); if (!sk || !sk_fullsock(sk)) return -ENOENT; if (unlikely(idx >= array->map.max_entries)) |