On 04/19/2018 04:17 PM, Jesper Dangaard Brouer wrote:
> Commit 6dfb970d3dbd ("xdp: avoid leaking info stored in frame data on
> page reuse") tried to allow user/bpf_prog to (re)use area used by
> xdp_frame (stored in frame headroom), by memset clearing area when
> bpf_xdp_adjust_head give bpf_prog access to headroom area.
>
> The mentioned commit had two bugs. (1) Didn't take bpf_xdp_adjust_meta
> into account. (2) a combination of bpf_xdp_adjust_head calls, where
> xdp->data is moved into xdp_frame section, can cause clearing
> xdp_frame area again for area previously granted to bpf_prog.
>
> After discussions with Daniel, we choose to implement a simpler
> solution to the problem, which is to reserve the headroom used by
> xdp_frame info.
>
> This also avoids the situation where bpf_prog is allowed to adjust/add
> headers, and then XDP_REDIRECT later drops the packet due to lack of
> headroom for the xdp_frame. This would likely confuse the end-user.
>
> Fixes: 6dfb970d3dbd ("xdp: avoid leaking info stored in frame data on page
> reuse")
> Signed-off-by: Jesper Dangaard Brouer <bro...@redhat.com>
Applied to bpf-next, thanks Jesper!
