[PATCH v2 bpf 0/6] bpf: tcp: Fix type confusion in bpf helper functions.
From: Kuniyuki Iwashima <kuniyu@google.com>
Date: 2026-05-04 21:06:12
Also in:
bpf
bpf_tcp_sock() only check if sk->sk_protocol is IPPROTO_TCP,
but RAW socket can bypass it:
socket(AF_INET, SOCK_RAW, IPPROTO_TCP)
The same issues exist in other bpf functions:
* bpf_mptcp_sock_from_subflow()
* bpf_skc_to_tcp_sock()
* bpf_skc_to_tcp6_sock()
* sol_tcp_sockopt()
Patch 1 fixes bpf_tcp_sock() and Patch 2 adds a test for it.
Patch 3 ~ 6 fix the rest of the functions above.
Changes:
v2:
* Inverse if (err) to if (!err) in the selftest
* Add patch 3 ~ 6
v1: https://lore.kernel.org/bpf/20260430184405.1227386-1-kuniyu@google.com/ (local)
https://lore.kernel.org/mptcp/20260430-mptcp-bpf-mptcp-sock-type-v1-1-d2ed5cda7da9@kernel.org/ (local)
Kuniyuki Iwashima (5):
bpf: tcp: Fix type confusion in bpf_tcp_sock().
selftest: bpf: Add test for bpf_tcp_sock() and RAW socket.
bpf: tcp: Fix type confusion in bpf_skc_to_tcp_sock().
bpf: tcp: Fix type confusion in bpf_skc_to_tcp6_sock().
bpf: tcp: Fix type confusion in sol_tcp_sockopt().
Matthieu Baerts (NGI0) (1):
mptcp: bpf: fix type confusion in bpf_mptcp_sock_from_subflow()
net/core/filter.c | 8 ++++----
net/mptcp/bpf.c | 2 +-
.../selftests/bpf/prog_tests/sockopt_sk.c | 18 +++++++++++++++++-
tools/testing/selftests/bpf/progs/sockopt_sk.c | 16 ++++++++++++++++
4 files changed, 38 insertions(+), 6 deletions(-)
--
2.54.0.545.g6539524ca2-goog