Netdev Archive on
help / color / mirror / Atom feed
From: Jussi Maki <>
To: Nikolay Aleksandrov <>
Cc: Network Development <>,
	Jonathan Toppins <>
Subject: Re: [PATCH net-next] net, bonding: Disallow vlan+srcmac with XDP
Date: Thu, 12 Aug 2021 17:12:08 +0200	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On Thu, Aug 12, 2021 at 5:01 PM Nikolay Aleksandrov <> wrote:
> Hi Jussi,
> Could you please share the null ptr deref trace?
> I'm curious how we can get a null skb at that point.

Hi Nik, this was reported by Jonathan here:
I didn't reproduce the null ptr deref as it was fairly obvious how it
can happen, e.g. by having a bond with xmit_policy=vlan+srcmac. The
hashing functions were refactored to be used for both xdp_buff and
skbuff uses and the skb pointer became optional (was meant to be used
when packet was non-linear), but I missed fixing the vlan hashing
function. Partially the reason leading to this was that the
xmit_policy is very new and the bpf vmtest infra still uses an older
iproute2 version which didn't support it, so this was untested. What
is not tested is broken as usual.

> Also how are the xdp and null ptr deref changes related ?

They're related in that looking into the null ptr deref here I
realized that vlan+srcmac didn't make sense with XDP since we have no
guarantee that the vlan id is in the ethernet header. So this patch
both fixes the deref by checking the skb pointer for NULL and it
disallows the whole xmit policy for XDP for the aforementioned reason.

Hope this makes sense.

  reply	other threads:[~2021-08-12 15:12 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-12 14:52 [PATCH net-next] net, bonding: Disallow vlan+srcmac with XDP Jussi Maki
2021-08-12 15:01 ` Nikolay Aleksandrov
2021-08-12 15:12   ` Jussi Maki [this message]
2021-08-12 15:21     ` Nikolay Aleksandrov
2021-08-13 19:40 ` Jonathan Toppins
2021-08-13 21:10 ` patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).