Re: [PATCH bpf v8 1/2] net: Validate protocol in skb_steal_sock() for BPF-assigned sockets

Next message: Jakub Kicinski: "Re: [PATCH] net: qualcomm: emac: replace strcpy() with strscpy()"
Previous message: lizhi2: "[PATCH net-next v8 3/6] net: stmmac: eic7700: make RGMII delay properties optional"
In reply to: Kuniyuki Iwashima: "Re: [PATCH bpf v8 1/2] net: Validate protocol in skb_steal_sock() for BPF-assigned sockets"
Next in thread: Jiayuan Chen: "[PATCH bpf v8 2/2] selftests/bpf: Add protocol check test for bpf_sk_assign_tcp_reqsk()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiayuan Chen

Date: Tue Jun 09 2026 - 21:38:51 EST

On 6/10/26 1:14 AM, Kuniyuki Iwashima wrote:

Hi Kuniyuki and Alexei,

Thanks both for the discussion, it makes sense to me.

I'll go back to fixing this in the helper itself, like the previous
version did.

I think even the previous version is the same type of change
for intentional misuse.

Both bpf_sk_assign() and bpf_sk_assign_tcp_reqsk() assumes
sk_lookup() in advance, meaning the bpf must have dissected
skb, and bpf_sk_assign() relies on it and has no protocol check.

Hi Kuniyuki,

Fair point. The "immutable skb" idea is more more worthy.