bpf: Fix use of sk->sk_reuseport from sk_assign

In testing, we found that for request sockets the sk->sk_reuseport field may yet be uninitialized, which caused bpf_sk_assign() to randomly succeed or return -ESOCKTNOSUPPORT when handling the forward ACK in a three-way handshake. Fix it by only applying the reuseport check for full sockets. Fixes: cf7fbe660f2d ("bpf: Add socket assign support") Signed-off-by: Joe Stringer <joe@wand.net.nz> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Martin KaFai Lau <kafai@fb.com> Link: https://lore.kernel.org/bpf/20200408033540.10339-1-joe@wand.net.nz
author: Joe Stringer <joe@wand.net.nz> 2020-04-07 20:35:40 -0700
committer: Daniel Borkmann <daniel@iogearbox.net> 2020-04-09 01:02:14 +0200
commit: 8e368dc72e86ad1e1a612416f32d5ad22dca88bc (patch)
tree: 654cd7e341b07cb25b2a1b224d7c900f26ebce91
parent: eb203f4b89c1a1a779d9781e49b568d2a712abc6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/filter.c b/net/core/filter.c
index 7628b947dbc3..7d6ceaa54d21 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5925,7 +5925,7 @@ BPF_CALL_3(bpf_sk_assign, struct sk_buff *, skb, struct sock *, sk, u64, flags)
 		return -EOPNOTSUPP;
 	if (unlikely(dev_net(skb->dev) != sock_net(sk)))
 		return -ENETUNREACH;
-	if (unlikely(sk->sk_reuseport))
+	if (unlikely(sk_fullsock(sk) && sk->sk_reuseport))
 		return -ESOCKTNOSUPPORT;
 	if (sk_is_refcounted(sk) &&
 	    unlikely(!refcount_inc_not_zero(&sk->sk_refcnt)))
author	Joe Stringer <joe@wand.net.nz>	2020-04-07 20:35:40 -0700
committer	Daniel Borkmann <daniel@iogearbox.net>	2020-04-09 01:02:14 +0200
commit	8e368dc72e86ad1e1a612416f32d5ad22dca88bc (patch)
tree	654cd7e341b07cb25b2a1b224d7c900f26ebce91
parent	eb203f4b89c1a1a779d9781e49b568d2a712abc6 (diff)