Re: [PATCH net] net: prevent pulling SKB_GSO_FRAGLIST skb

From: Jakub Kicinski
Date: Mon Apr 29 2024 - 09:42:20 EST

Next message: Emil Renner Berthing: "Re: [PATCH v4 5/8] riscv: dts: starfive: visionfive 2: add tf cd-gpios"
Previous message: Borislav Petkov: "Re: [PATCH v2 09/16] x86/mce: Unify AMD THR handler with MCA Polling"
In reply to: Willem de Bruijn: "Re: [PATCH net] net: prevent pulling SKB_GSO_FRAGLIST skb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 28 Apr 2024 22:29:13 +0800 shiming.cheng@xxxxxxxxxxxx wrote:
> From: Shiming Cheng <shiming.cheng@xxxxxxxxxxxx>
>
> BPF or TC callers may pull in a length longer than skb_headlen()
> for a SKB_GSO_FRAGLIST skb. The data in fraglist will be pulled
> into the linear space. However it destroys the skb's structure
> and may result in an invalid segmentation or kernel exception.
>
> So we should add protection to stop the operation and return
> error to remind callers.

One of the fixes you posted breaks the

tools/testing/selftests/net/udpgro_fwd.sh

selftest. Please investigate, and either adjust the test or the fix.

Next message: Emil Renner Berthing: "Re: [PATCH v4 5/8] riscv: dts: starfive: visionfive 2: add tf cd-gpios"
Previous message: Borislav Petkov: "Re: [PATCH v2 09/16] x86/mce: Unify AMD THR handler with MCA Polling"
In reply to: Willem de Bruijn: "Re: [PATCH net] net: prevent pulling SKB_GSO_FRAGLIST skb"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]