Possible problem with e6afc8ac
("udp: remove headers from UDP packets before queueing")
Paul Moore tracked a regression caused by a recent commit, which
mistakenly assumed that sk_filter() could be avoided if socket
had no current BPF filter.
The intent was to avoid udp_lib_checksum_complete() overhead.
But sk_filter() also checks skb_pfmemalloc() and
security_sock_rcv_skb(), so better call it.
Fixes: e6afc8ace6
("udp: remove headers from UDP packets before queueing")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Paul Moore <paul@paul-moore.com>
Tested-by: Paul Moore <paul@paul-moore.com>
Tested-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: samanthakumar <samanthakumar@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
f55d84b07c
commit
ce25d66ad5
|
@ -1618,12 +1618,12 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
|
|||
}
|
||||
}
|
||||
|
||||
if (rcu_access_pointer(sk->sk_filter)) {
|
||||
if (udp_lib_checksum_complete(skb))
|
||||
if (rcu_access_pointer(sk->sk_filter) &&
|
||||
udp_lib_checksum_complete(skb))
|
||||
goto csum_error;
|
||||
if (sk_filter(sk, skb))
|
||||
goto drop;
|
||||
}
|
||||
|
||||
if (sk_filter(sk, skb))
|
||||
goto drop;
|
||||
|
||||
udp_csum_pull_header(skb);
|
||||
if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
|
||||
|
|
|
@ -653,12 +653,12 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
|
|||
}
|
||||
}
|
||||
|
||||
if (rcu_access_pointer(sk->sk_filter)) {
|
||||
if (udp_lib_checksum_complete(skb))
|
||||
goto csum_error;
|
||||
if (sk_filter(sk, skb))
|
||||
goto drop;
|
||||
}
|
||||
if (rcu_access_pointer(sk->sk_filter) &&
|
||||
udp_lib_checksum_complete(skb))
|
||||
goto csum_error;
|
||||
|
||||
if (sk_filter(sk, skb))
|
||||
goto drop;
|
||||
|
||||
udp_csum_pull_header(skb);
|
||||
if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
|
||||
|
|
Loading…
Reference in New Issue