bpf: sockmap: initialize sg table entries properly

When CONFIG_DEBUG_SG is set, sg->sg_magic is initialized in
sg_init_table() and it is verified in sg api while navigating. We hit
BUG_ON when magic check is failed.

In functions sg_tcp_sendpage and sg_tcp_sendmsg, the struct containing
the scatterlist is already zeroed out. So to avoid extra memset, we
use sg_init_marker() to initialize sg_magic.

Fixed following things:
- In bpf_tcp_sendpage: initialize sg using sg_init_marker
- In bpf_tcp_sendmsg: Replace sg_init_table with sg_init_marker
- In bpf_tcp_push: Replace memset with sg_init_table where consumed
  sg entry needs to be re-initialized.

Signed-off-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

diff --git a/kernel/bpf/sockmap.c b/kernel/bpf/sockmap.c
index 9192fdbcbcccd9a258da93c9959218ec5e892efa..d2bda5aa25d7d9d0dc11cb85fc22c8b7557a5809 100644 (file)
--- a/kernel/bpf/sockmap.c
+++ b/kernel/bpf/sockmap.c
@@ -341,7 +341,7 @@ retry:
                        md->sg_start++;
                        if (md->sg_start == MAX_SKB_FRAGS)
                                md->sg_start = 0;
-                       memset(sg, 0, sizeof(*sg));
+                       sg_init_table(sg, 1);
 
                        if (md->sg_start == md->sg_end)
                                break;
@@ -843,7 +843,7 @@ static int bpf_tcp_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
        }
 
        sg = md.sg_data;
-       sg_init_table(sg, MAX_SKB_FRAGS);
+       sg_init_marker(sg, MAX_SKB_FRAGS);
        rcu_read_unlock();
 
        lock_sock(sk);
@@ -950,10 +950,14 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page,
 
        lock_sock(sk);
 
-       if (psock->cork_bytes)
+       if (psock->cork_bytes) {
                m = psock->cork;
-       else
+               sg = &m->sg_data[m->sg_end];
+       } else {
                m = &md;
+               sg = m->sg_data;
+               sg_init_marker(sg, MAX_SKB_FRAGS);
+       }
 
        /* Catch case where ring is full and sendpage is stalled. */
        if (unlikely(m->sg_end == m->sg_start &&
@@ -961,7 +965,6 @@ static int bpf_tcp_sendpage(struct sock *sk, struct page *page,
                goto out_err;
 
        psock->sg_size += size;
-       sg = &m->sg_data[m->sg_end];
        sg_set_page(sg, page, size, offset);
        get_page(page);
        m->sg_copy[m->sg_end] = true;