@@ -662,15 +662,16 @@ static int sk_psock_bpf_run(struct sk_psock *psock, struct bpf_prog *prog,
{
int ret;
+ /* strparser clones the skb before handing it to a upper layer,
+ * meaning we have the same data, but sk is NULL. We do want an
+ * sk pointer though when we run the BPF program. So we set it
+ * here and then NULL it to ensure we don't trigger a BUG_ON()
+ * in skb/sk operations later if kfree_skb is called with a
+ * valid skb->sk pointer and no destructor assigned.
+ */
skb->sk = psock->sk;
bpf_compute_data_end_sk_skb(skb);
ret = bpf_prog_run_pin_on_cpu(prog, skb);
- /* strparser clones the skb before handing it to a upper layer,
- * meaning skb_orphan has been called. We NULL sk on the way out
- * to ensure we don't trigger a BUG_ON() in skb/sk operations
- * later and because we are not charging the memory of this skb
- * to any socket yet.
- */
skb->sk = NULL;
return ret;
}
@@ -794,7 +795,6 @@ static void sk_psock_strp_read(struct strparser *strp, struct sk_buff *skb)
}
prog = READ_ONCE(psock->progs.skb_verdict);
if (likely(prog)) {
- skb_orphan(skb);
tcp_skb_bpf_redirect_clear(skb);
ret = sk_psock_bpf_run(psock, prog, skb);
ret = sk_psock_map_verd(ret, tcp_skb_bpf_redirect_fetch(skb));