flow_dissector: use RCU protection to fetch dev_net()

[ Upstream commit afec62cd0a4191cde6dd3a75382be4d51a38ce9b ] __skb_flow_dissect() can be called from arbitrary contexts. It must extend its RCU protection section to include the call to dev_net(), which can become dev_net_rcu(). This makes sure the net structure can not disappear under us. Fixes: 9b52e3f267a6 ("flow_dissector: handle no-skb use case") Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com> Link: https://patch.msgid.link/20250205155120.1676781-10-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Eric Dumazet <edumazet@google.com> 2025-02-05 15:51:17 +0000
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-02-21 14:11:15 +0100
commit: a9cb092440a12d2bd385f64ca9e31fcbb7b35974 (patch)
tree: bf824849f602d2b1e1c20f22f3625155e23fe768 /net/core
parent: 2247893ec3e3c9c66ee4a312fd3e7a28e609cef3 (diff)
download: linux-a9cb092440a12d2bd385f64ca9e31fcbb7b35974.tar.gz
linux-a9cb092440a12d2bd385f64ca9e31fcbb7b35974.tar.bz2
linux-a9cb092440a12d2bd385f64ca9e31fcbb7b35974.zip
1 files changed, 11 insertions, 10 deletions
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 0e638a37aa09..5db41bf2ed93 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1108,10 +1108,12 @@ bool __skb_flow_dissect(const struct net *net,
 					      FLOW_DISSECTOR_KEY_BASIC,
 					      target_container);
 
+	rcu_read_lock();
+
 	if (skb) {
 		if (!net) {
 			if (skb->dev)
-				net = dev_net(skb->dev);
+				net = dev_net_rcu(skb->dev);
 			else if (skb->sk)
 				net = sock_net(skb->sk);
 		}
@@ -1122,7 +1124,6 @@ bool __skb_flow_dissect(const struct net *net,
 		enum netns_bpf_attach_type type = NETNS_BPF_FLOW_DISSECTOR;
 		struct bpf_prog_array *run_array;
 
-		rcu_read_lock();
 		run_array = rcu_dereference(init_net.bpf.run_array[type]);
 		if (!run_array)
 			run_array = rcu_dereference(net->bpf.run_array[type]);
@@ -1150,17 +1151,17 @@ bool __skb_flow_dissect(const struct net *net,
 			prog = READ_ONCE(run_array->items[0].prog);
 			result = bpf_flow_dissect(prog, &ctx, n_proto, nhoff,
 						  hlen, flags);
-			if (result == BPF_FLOW_DISSECTOR_CONTINUE)
-				goto dissect_continue;
-			__skb_flow_bpf_to_target(&flow_keys, flow_dissector,
-						 target_container);
-			rcu_read_unlock();
-			return result == BPF_OK;
+			if (result != BPF_FLOW_DISSECTOR_CONTINUE) {
+				__skb_flow_bpf_to_target(&flow_keys, flow_dissector,
+							 target_container);
+				rcu_read_unlock();
+				return result == BPF_OK;
+			}
 		}
-dissect_continue:
-		rcu_read_unlock();
 	}
 
+	rcu_read_unlock();
+
 	if (dissector_uses_key(flow_dissector,
 			       FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
 		struct ethhdr *eth = eth_hdr(skb);
author	Eric Dumazet <edumazet@google.com>	2025-02-05 15:51:17 +0000
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-02-21 14:11:15 +0100
commit	a9cb092440a12d2bd385f64ca9e31fcbb7b35974 (patch)
tree	bf824849f602d2b1e1c20f22f3625155e23fe768 /net/core
parent	2247893ec3e3c9c66ee4a312fd3e7a28e609cef3 (diff)
download	linux-a9cb092440a12d2bd385f64ca9e31fcbb7b35974.tar.gz linux-a9cb092440a12d2bd385f64ca9e31fcbb7b35974.tar.bz2 linux-a9cb092440a12d2bd385f64ca9e31fcbb7b35974.zip