Re: [PATCH bpf-next 1/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES

From: Toke Høiland-Jørgensen
Date: Mon Jan 05 2026 - 05:49:37 EST

Next message: Tamir Duberstein: "Re: [PATCH 1/2] rust: syn: make rust-analyzer treat `std` as a dependency"
Previous message: Jonathan Cameron: "Re: [PATCH 2/2] bus: stm32_firewall: Simplify with scoped for each OF child loop"
In reply to: KaFai Wan: "[PATCH bpf-next 1/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES"
Next in thread: KaFai Wan: "Re: [PATCH bpf-next 1/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

KaFai Wan <kafai.wan@xxxxxxxxx> writes:

> This fix reverts to the original version and ensures data_hard_start
> correctly points to the xdp_frame structure, eliminating the security
> risk.

This is wrong. We should just be checking the meta_len on input to
account for the size of xdp_frame. I'll send a patch.

-Toke

Next message: Tamir Duberstein: "Re: [PATCH 1/2] rust: syn: make rust-analyzer treat `std` as a dependency"
Previous message: Jonathan Cameron: "Re: [PATCH 2/2] bus: stm32_firewall: Simplify with scoped for each OF child loop"
In reply to: KaFai Wan: "[PATCH bpf-next 1/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES"
Next in thread: KaFai Wan: "Re: [PATCH bpf-next 1/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]