bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
stable inclusion from stable-v5.10.171 commit a2957adbf3f5450f7425c545863da4a3287e06a1 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7V9QX Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a2957adbf3f5450f7425c545863da4a3287e06a1 ---------------------------------------------------- commit 1fe4850b upstream. The bpf_fib_lookup() helper does not only look up the fib (ie. route) but it also looks up the neigh. Before returning the neigh, the helper does not check for NUD_VALID. When a neigh state (neigh->nud_state) is in NUD_FAILED, its dmac (neigh->ha) could be all zeros. The helper still returns SUCCESS instead of NO_NEIGH in this case. Because of the SUCCESS return value, the bpf prog directly uses the returned dmac and ends up filling all zero in the eth header. This patch checks for NUD_VALID and returns NO_NEIGH if the neigh is not valid. Signed-off-by:Martin KaFai Lau <martin.lau@kernel.org> Signed-off-by:
Loading
Please sign in to comment