github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
2c7e33f1fc
linux/net
History
KaFai Wan 54377fcab5 bpf: Reject TCP_NODELAY in bpf-tcp-cc 
A BPF TCP congestion control program can call bpf_setsockopt() from
its callbacks. In current kernels, if it calls
bpf_setsockopt(TCP_NODELAY) from cwnd_event_tx_start(), the call can
re-enter the TCP transmit path before the outer tcp_transmit_skb()
has completed and advanced the send head.

This can re-trigger CA_EVENT_TX_START and lead to unbounded recursion:

  tcp_transmit_skb()
    -> tcp_event_data_sent()
      -> tcp_ca_event(sk, CA_EVENT_TX_START)
        -> cwnd_event_tx_start()
          -> bpf_setsockopt(TCP_NODELAY)
            -> tcp_push_pending_frames()
              -> tcp_write_xmit()
                -> tcp_transmit_skb()

This leads to unbounded recursion and can overflow the kernel stack.

Reject TCP_NODELAY with -EOPNOTSUPP for bpf-tcp-cc by introducing
a dedicated setsockopt proto for BPF_PROG_TYPE_STRUCT_OPS TCP
congestion control programs. To keep it simple, all tcp-cc ops is
rejected for TCP_NODELAY.

Fixes: 7e41df5dbb ("bpf: Add a few optnames to bpf_setsockopt")
Suggested-by: Martin KaFai Lau <martin.lau@linux.dev>
Signed-off-by: KaFai Wan <kafai.wan@linux.dev>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Reviewed-by: Jiayuan Chen <jiayuan.chen@linux.dev>
Link: https://patch.msgid.link/20260421155804.135786-3-kafai.wan@linux.dev
2026-04-22 12:58:57 -07:00
..
6lowpan
9p Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
802 Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
8021q Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
appletalk Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-03-19 14:16:00 -07:00
ax25 net: change sock.sk_ino and sock_i_ino() to u64 2026-03-06 14:31:26 +01:00
batman-adv Here are two batman-adv bugfixes: 2026-04-08 18:50:27 -07:00
bluetooth Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
bpf bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb 2026-04-12 15:42:57 -07:00
bridge net: bridge: add stp_mode attribute for STP mode selection 2026-04-10 15:52:24 -07:00
caif net: caif: clear client service pointer on teardown 2026-04-14 13:21:54 +02:00
can Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
ceph libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() 2026-03-11 10:18:56 +01:00
core bpf: Reject TCP_NODELAY in bpf-tcp-cc 2026-04-22 12:58:57 -07:00
dcb Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
devlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
dns_resolver net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
dsa net: dsa: tag_rtl8_4: set KEEP flag 2026-04-12 09:03:55 -07:00
ethernet bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
ethtool ethtool: strset: check nla_len overflow 2026-04-12 11:23:50 -07:00
handshake treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
hsr net: hsr: emit notification for PRP slave2 changed hw addr on port deletion 2026-04-07 17:06:16 +02:00
ieee802154 net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
ife
ipv4 bpf: Reject TCP_NODELAY in bpf-tcp-cc 2026-04-22 12:58:57 -07:00
ipv6 Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
iucv net/iucv: Add missing kernel-doc return value descriptions 2026-03-31 20:14:56 -07:00
kcm kcm: fix zero-frag skb in frag_list on partial sendmsg error 2026-02-23 17:26:55 -08:00
key vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
l3mdev
lapb treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
llc treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
mac80211 Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
mac802154 bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
mctp net: mctp: defer creation of dst after source-address check 2026-04-06 18:06:47 -07:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
mptcp net: use get_random_u{16,32,64}() where appropriate 2026-04-09 19:27:43 -07:00
ncsi net: ncsi: fix skb leak in error paths 2026-03-06 17:34:48 -08:00
netfilter netfilter: require Ethernet MAC header before using eth_hdr() 2026-04-10 12:16:27 +02:00
netlabel Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
netlink Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
netrom treewide: change inode->i_ino from unsigned long to u64 2026-03-06 14:31:28 +01:00
nfc NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 2026-04-12 11:40:45 -07:00
nsh
openvswitch net: use get_random_u{16,32,64}() where appropriate 2026-04-09 19:27:43 -07:00
packet Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
phonet Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
psample treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
psp net: remove EXPORT_IPV6_MOD() and EXPORT_IPV6_MOD_GPL() macros 2026-03-29 11:21:22 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rfkill net: rfkill: prevent unlimited numbers of rfkill events from being created 2026-04-07 12:35:04 +02:00
rose Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
sctp Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
shaper net: shaper: protect from late creation of hierarchy 2026-03-19 13:47:15 +01:00
smc net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer 2026-03-20 18:59:30 -07:00
strparser net: strparser: fix skb_head leak in strp_abort_strp() 2026-04-14 12:37:00 +02:00
sunrpc kernfs: pass struct ns_common instead of const void * for namespace tags 2026-04-09 14:36:52 +02:00
switchdev bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tipc This update includes the following changes: 2026-04-15 15:22:26 -07:00
tls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
unix bpf, sockmap: Take state lock for af_unix iter 2026-04-15 17:23:14 -07:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
wireless Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
x25 vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
xdp Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sysctl_net.c