bpf: use skb_to_full_sk helper in bpf_skb_under_cgroup

We need to use skb_to_full_sk() helper introduced in commit bd5eb35f16a9 ("xfrm: take care of request sockets") as otherwise we miss tcp synack messages, since ownership is on request socket and therefore it would miss the sk_fullsock() check. Use skb_to_full_sk() as also done similarly in the bpf_get_cgroup_classid() helper via 2309236c13fe ("cls_cgroup: get sk_classid only from full sockets") fix to not let this fall through. Fixes: 4a482f34afcc ("cgroup: bpf: Add bpf_skb_in_cgroup_proto") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Daniel Borkmann <daniel@iogearbox.net> 2016-09-23 01:28:35 +0200
committer: Michael Bestas <mkbestas@lineageos.org> 2022-04-19 00:51:47 +0300
commit: 69a91e6165ee0ca366c52c7a3543fbcb1c17c45c (patch)
tree: 8d50501a7dd7ae4e5a00c67a5cd3542e1622346e
parent: 997b40bc5c5a68830807f2a98c5ce45fb8b363b3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/filter.c b/net/core/filter.c
index f0e970bb614c..e156353a7bf5 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2432,7 +2432,7 @@ BPF_CALL_3(bpf_skb_under_cgroup, struct sk_buff *, skb, struct bpf_map *, map,
 	struct cgroup *cgrp;
 	struct sock *sk;
 
-	sk = skb->sk;
+	sk = skb_to_full_sk(skb);
 	if (!sk || !sk_fullsock(sk))
 		return -ENOENT;
 	if (unlikely(idx >= array->map.max_entries))
author	Daniel Borkmann <daniel@iogearbox.net>	2016-09-23 01:28:35 +0200
committer	Michael Bestas <mkbestas@lineageos.org>	2022-04-19 00:51:47 +0300
commit	69a91e6165ee0ca366c52c7a3543fbcb1c17c45c (patch)
tree	8d50501a7dd7ae4e5a00c67a5cd3542e1622346e
parent	997b40bc5c5a68830807f2a98c5ce45fb8b363b3 (diff)