xsk_rcv_check tests for inbound packets to see whether they match the bound
AF_XDP socket. Refactor the test into a small helper xsk_dev_queue_valid and
move the validation against xs->dev and xs->queue_id there. The fast-path
case stays in place and allows for quick return in xsk_dev_queue_valid. If
it fails, the validation is extended to check whether the AF_XDP socket is
bound against a peered queue, and if the case then the test is redone.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Co-developed-by: David Wei <dw@davidwei.uk>
Signed-off-by: David Wei <dw@davidwei.uk>
---
 net/xdp/xsk.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c
index 7b0c68a70888..6ae9ad5f27ad 100644
--- a/net/xdp/xsk.c
+++ b/net/xdp/xsk.c
@@ -331,14 +331,31 @@ static bool xsk_is_bound(struct xdp_sock *xs)
 	return false;
 }
 
+static bool xsk_dev_queue_valid(const struct xdp_sock *xs,
+				const struct xdp_rxq_info *info)
+{
+	struct net_device *dev = xs->dev;
+	u32 queue_index = xs->queue_id;
+	struct netdev_rx_queue *rxq;
+
+	if (info->dev == dev &&
+	    info->queue_index == queue_index)
+		return true;
+
+	rxq = READ_ONCE(__netif_get_rx_queue(dev, queue_index)->peer);
+	if (!rxq)
+		return false;
+
+	return info->dev == rxq->dev &&
+	       info->queue_index == get_netdev_rx_queue_index(rxq);
+}
+
 static int xsk_rcv_check(struct xdp_sock *xs, struct xdp_buff *xdp, u32 len)
 {
 	if (!xsk_is_bound(xs))
 		return -ENXIO;
-
-	if (xs->dev != xdp->rxq->dev || xs->queue_id != xdp->rxq->queue_index)
+	if (!xsk_dev_queue_valid(xs, xdp->rxq))
 		return -EINVAL;
-
 	if (len > xsk_pool_get_rx_frame_size(xs->pool) && !xs->sg) {
 		xs->rx_dropped++;
 		return -ENOSPC;
-- 
2.43.0