Re: [PATCH bpf v4 1/3] selftests/bpf: don't modify the skb in the strparser parser prog

Next message: Jiayuan Chen: "Re: [PATCH bpf v4 3/3] selftests/bpf: test rejection of a packet-modifying SK_SKB stream parser"
Previous message: Jiayuan Chen: "Re: [PATCH bpf v4 2/3] bpf, sockmap: reject a packet-modifying SK_SKB stream parser"
In reply to: Sechang Lim: "[PATCH bpf v4 1/3] selftests/bpf: don't modify the skb in the strparser parser prog"
Next in thread: bot+bpf-ci: "Re: [PATCH bpf v4 1/3] selftests/bpf: don't modify the skb in the strparser parser prog"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jiayuan Chen

Date: Fri Jun 19 2026 - 02:37:46 EST

On 6/19/26 2:29 PM, Sechang Lim wrote:

sockmap_parse_prog.c is attached as an SK_SKB stream parser and modifies
the skb. It calls bpf_skb_pull_data() and writes a byte into the packet.
A stream parser runs on strparser's message head and must not modify it.
A resize frees the frag_list segments strparser still tracks, leading to
a use-after-free.

Make the parser read-only. It only needs to return the message length,
which keeps it attaching once packet-modifying parsers are rejected.

Signed-off-by: Sechang Lim <rhkrqnwk98@xxxxxxxxx>

This series should target bpf-next.

Reviewed-by: Jiayuan Chen <jiayuan.chen@xxxxxxxxx>