summaryrefslogtreecommitdiff
path: root/net/core
diff options
context:
space:
mode:
authorAndrii Nakryiko <andriin@fb.com>2020-08-11 19:29:23 -0700
committerAlexei Starovoitov <ast@kernel.org>2020-08-12 18:00:49 -0700
commit068d9d1eba72423e99162aad3586727180715c2a (patch)
tree5a002b874b1bf8fc3f58ba74b3dd4d5c46bfe70c /net/core
parentda7bdfdd23b858e6d97a1e4b461548e23d16977f (diff)
bpf: Fix XDP FD-based attach/detach logic around XDP_FLAGS_UPDATE_IF_NOEXIST
Enforce XDP_FLAGS_UPDATE_IF_NOEXIST only if new BPF program to be attached is non-NULL (i.e., we are not detaching a BPF program). Fixes: d4baa9368a5e ("bpf, xdp: Extract common XDP program attachment logic") Reported-by: Stanislav Fomichev <sdf@google.com> Signed-off-by: Andrii Nakryiko <andriin@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Tested-by: Stanislav Fomichev <sdf@google.com> Acked-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/bpf/20200812022923.1217922-1-andriin@fb.com
Diffstat (limited to 'net/core')
-rw-r--r--net/core/dev.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/net/core/dev.c b/net/core/dev.c
index 7df6c9617321..b5d1129d8310 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -8913,10 +8913,6 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
NL_SET_ERR_MSG(extack, "Active program does not match expected");
return -EEXIST;
}
- if ((flags & XDP_FLAGS_UPDATE_IF_NOEXIST) && cur_prog) {
- NL_SET_ERR_MSG(extack, "XDP program already attached");
- return -EBUSY;
- }
/* put effective new program into new_prog */
if (link)
@@ -8927,6 +8923,10 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
enum bpf_xdp_mode other_mode = mode == XDP_MODE_SKB
? XDP_MODE_DRV : XDP_MODE_SKB;
+ if ((flags & XDP_FLAGS_UPDATE_IF_NOEXIST) && cur_prog) {
+ NL_SET_ERR_MSG(extack, "XDP program already attached");
+ return -EBUSY;
+ }
if (!offload && dev_xdp_prog(dev, other_mode)) {
NL_SET_ERR_MSG(extack, "Native and generic XDP can't be active at the same time");
return -EEXIST;