diff options
| author | Zijian Zhang <zijianzhang@bytedance.com> | 2024-12-10 01:20:39 +0000 | 
|---|---|---|
| committer | Daniel Borkmann <daniel@iogearbox.net> | 2024-12-20 17:59:47 +0100 | 
| commit | d888b7af7c149c115dd6ac772cc11c375da3e17c (patch) | |
| tree | 3075d7547e00e87264452341055b410b4068d5e4 /rust/helpers/security.c | |
| parent | 54f89b3178d5448dd4457afbb98fc1ab99090a65 (diff) | |
tcp_bpf: Add sk_rmem_alloc related logic for tcp_bpf ingress redirection
When we do sk_psock_verdict_apply->sk_psock_skb_ingress, an sk_msg will
be created out of the skb, and the rmem accounting of the sk_msg will be
handled by the skb.
For skmsgs in __SK_REDIRECT case of tcp_bpf_send_verdict, when redirecting
to the ingress of a socket, although we sk_rmem_schedule and add sk_msg to
the ingress_msg of sk_redir, we do not update sk_rmem_alloc. As a result,
except for the global memory limit, the rmem of sk_redir is nearly
unlimited. Thus, add sk_rmem_alloc related logic to limit the recv buffer.
Since the function sk_msg_recvmsg and __sk_psock_purge_ingress_msg are
used in these two paths. We use "msg->skb" to test whether the sk_msg is
skb backed up. If it's not, we shall do the memory accounting explicitly.
Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20241210012039.1669389-3-zijianzhang@bytedance.com
Diffstat (limited to 'rust/helpers/security.c')
0 files changed, 0 insertions, 0 deletions
