git.proxmox.com Git - mirror_ubuntu-kernels.git/commit

author	Martin KaFai Lau <martin.lau@kernel.org>
	Fri, 17 Feb 2023 00:41:48 +0000 (16:41 -0800)
committer	Andrea Righi <andrea.righi@canonical.com>
	Thu, 9 Mar 2023 14:58:31 +0000 (15:58 +0100)
commit	59fb53d919acef17153ba9f3f87363df655e99ba
tree	e30b5adb2d9363b6f32ec87cd6e5494ee9eb87ac	tree
parent	80ee36216a7b51d3db05899269d37845d0b21740	commit \| diff

bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state

BugLink: https://bugs.launchpad.net/bugs/2009358
commit 1fe4850b34ab512ff911e2c035c75fb6438f7307 upstream.

The bpf_fib_lookup() helper does not only look up the fib (ie. route)
but it also looks up the neigh. Before returning the neigh, the helper
does not check for NUD_VALID. When a neigh state (neigh->nud_state)
is in NUD_FAILED, its dmac (neigh->ha) could be all zeros. The helper
still returns SUCCESS instead of NO_NEIGH in this case. Because of the
SUCCESS return value, the bpf prog directly uses the returned dmac
and ends up filling all zero in the eth header.

This patch checks for NUD_VALID and returns NO_NEIGH if the neigh is
not valid.

Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20230217004150.2980689-3-martin.lau@linux.dev
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>