Re: [PATCH v2 3/5] bpf: add helper masks for ADJ_ROOM flags and encap validation

Next message: Daniel Machon: "Re: [PATCH net-next 00/10] net: lan966x: add support for PCIe FDMA"
Previous message: Praveen Talari: "Re: [PATCH v6 00/13] Enable I2C on SA8255p Qualcomm platforms"
In reply to: Martin KaFai Lau: "Re: [PATCH v2 3/5] bpf: add helper masks for ADJ_ROOM flags and encap validation"
Next in thread: Martin KaFai Lau: "Re: [PATCH v2 3/5] bpf: add helper masks for ADJ_ROOM flags and encap validation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Hudson, Nick

Date: Fri Mar 27 2026 - 07:08:15 EST

> On Mar 26, 2026, at 5:49 PM, Martin KaFai Lau <martin.lau@xxxxxxxxx> wrote:
>
> !-------------------------------------------------------------------|
> This Message Is From an External Sender
> This message came from outside your organization.
> |-------------------------------------------------------------------!
>
>
>
> On 3/26/26 10:02 AM, Hudson, Nick wrote:
>>>> static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
>>>> u64 flags)
>>>> @@ -3502,6 +3513,11 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
>>>> unsigned int gso_type = SKB_GSO_DODGY;
>>>> int ret;
>>>> + if (unlikely(flags & ~(BPF_F_ADJ_ROOM_ENCAP_MASK |
>>>> + BPF_F_ADJ_ROOM_NO_CSUM_RESET |
>>>> + BPF_F_ADJ_ROOM_FIXED_GSO)))
>>> Under which case this new check will be hit?
>> If a user supplies +ve len_diff and attempts to pass a DECAP flag.
>> The commit message had
>> Add flag validation to bpf_skb_net_grow() to reject invalid encap
>> flags early.
>
> There is DECAP_MASK check in bpf_skb_adjust_room() and then !shrink is rejected. What am I missing?

Duh, right.

Do you prefer the do all the flag checking in bpf_skb_adjust_room or keep the encap/decap split?

Attachment: smime.p7s
Description: S/MIME cryptographic signature