Skip to content

[v1.16] bpf: sock: fix LRP for pre-5.7 kernels#41457

Merged
julianwiedmann merged 4 commits intov1.16from
pr/jwi/v1.16/sock-netns-cookie
Sep 2, 2025
Merged

[v1.16] bpf: sock: fix LRP for pre-5.7 kernels#41457
julianwiedmann merged 4 commits intov1.16from
pr/jwi/v1.16/sock-netns-cookie

Conversation

@julianwiedmann
Copy link
Copy Markdown
Member

@julianwiedmann julianwiedmann commented Sep 1, 2025

Backport of:

Fix a bug that caused the kernel verifier on pre-v5.7 kernels to reject the bpf_sock program with "invalid func unknown#122" when the LocalRedirectPolicy feature is enabled.

@julianwiedmann
bpf: complexity-tests: add HAVE_SET_RETVAL for bpf_sock tests
d7a5894 
[ upstream commit a0f64e5 ]

bpf_set_retval() was added to the kernel with v5.18.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf: complexity-tests: add HAVE_NETNS_COOKIE for bpf_sock tests
77df320 
[ upstream commit 36c6431 ]

bpf_get_netns_cookie() was added to the kernel with v5.7.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf/complexity-tests: test ENABLE_LOCAL_REDIRECT_POLICY on 5.4 kernel
7558d48 
[ upstream commit 8a4db90 ]

Extend the LRP load-testing that was introduced with
#35016 and
#35099, so that the 5.4 kernel is
also covered.

This helps to reproduce the bug reported in
#40457.

Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@julianwiedmann
bpf: sock: fix LRP for pre-5.8 kernels
aec4c13 
[ upstream commit 5745846 ]

#33721 refactored the LRP code in
bpf_sock, and dropped the HAVE_NETNS_COOKIE guard when calling
get_netns_cookie(). When LRP is enabled, this causes the verifier on
pre-5.8 kernels (where the helper is not available) to reject the bpf_sock
program with "invalid func unknown#122".

Re-introduce the check for HAVE_NETNS_COOKIE in the IPv4 path. This matches
the IPv6 path.

Fixes: 9d8b5f7 ("bpf:move LBx skip map and lookup functions to lb.h")
Fixes: #40457
Signed-off-by: Julian Wiedmann <jwi@isovalent.com>
@maintainer-s-little-helper maintainer-s-little-helper bot added backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master. labels Sep 1, 2025
@julianwiedmann
Copy link
Copy Markdown
Member Author

julianwiedmann commented Sep 1, 2025

/test

@julianwiedmann julianwiedmann marked this pull request as ready for review September 1, 2025 13:17
@julianwiedmann julianwiedmann requested a review from a team as a code owner September 1, 2025 13:17
@julianwiedmann julianwiedmann mentioned this pull request Sep 2, 2025
Merged
@julianwiedmann julianwiedmann added this pull request to the merge queue Sep 2, 2025
Merged via the queue into v1.16 with commit e607d0c Sep 2, 2025
361 of 370 checks passed
@julianwiedmann julianwiedmann deleted the pr/jwi/v1.16/sock-netns-cookie branch September 2, 2025 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrajahalme jrajahalme jrajahalme approved these changes

@dylandreimerink dylandreimerink Awaiting requested review from dylandreimerink

Assignees

No one assigned

Labels

backport/1.16 This PR represents a backport for Cilium 1.16.x of a PR that was merged to main. kind/backports This PR provides functionality previously merged into master.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@julianwiedmann @jrajahalme @msune