From: linuxtestproject.agent@gmail.com
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] lapi: Add pkt_sched.h and pkt_cls.h fallbacks
Date: Mon, 6 Jul 2026 14:32:36 +0000 [thread overview]
Message-ID: <20260706143236.4092-1-linuxtestproject.agent@gmail.com> (raw)
In-Reply-To: <20260706-cve-2026-46331-v1-1-c55d45f022d1@suse.com>
Hi Andrea,
On Mon, 7 Jul 2026 14:56:11 +0200, Andrea Cervesato wrote:
> lapi: Add pkt_sched.h and pkt_cls.h fallbacks
--- [PATCH 2/2] ---
> cve: Add act_pedit page-cache corruption test
> + if (sendfile(cli_fd, file_fd, &off, DATA_SIZE) < 0)
> + tst_brk(TBROK | TERRNO, "sendfile() failed");
> +
> + /*
> + * Allow the loopback egress path to finish processing.
> + * The pedit action fires synchronously on lo, but give
> + * the stack a moment to drain any queued segments.
> + */
> + usleep(100000);
> +
> + SAFE_CLOSE(cli_fd);
> + SAFE_CLOSE(acc_fd);
usleep() for synchronization is not allowed (ground rule 2).
The comment itself says the pedit action fires synchronously on lo.
If that is the case, all egress processing is complete by the time
sendfile() returns, and the sleep buys nothing.
If TCP produces multiple segments and there is a concern that not all
of them have passed through the egress filter by the time the readback
runs, the deterministic fix is to drain acc_fd before closing the
sockets:
char sink[DATA_SIZE];
SAFE_READ(1, acc_fd, sink, sizeof(sink));
That read blocks until all DATA_SIZE bytes have been received,
guaranteeing the full egress path -- including every pedit action --
has completed before the page-cache comparison.
Verdict - Needs revision
---
Note:
The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.
Regards,
LTP AI Reviewer
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2026-07-06 14:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-06 12:56 [LTP] [PATCH 0/2] Reproducer for cve-2026-46331 Andrea Cervesato
2026-07-06 12:56 ` [LTP] [PATCH 1/2] lapi: Add pkt_sched.h and pkt_cls.h fallbacks Andrea Cervesato
2026-07-06 14:32 ` linuxtestproject.agent [this message]
2026-07-06 12:56 ` [LTP] [PATCH 2/2] cve: Add act_pedit page-cache corruption test Andrea Cervesato
-- strict thread matches above, loose matches on Subject: below --
2026-07-06 19:12 [LTP] [PATCH v2 1/2] lapi: Add pkt_sched.h and pkt_cls.h fallbacks Andrea Cervesato
2026-07-06 20:09 ` [LTP] " linuxtestproject.agent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260706143236.4092-1-linuxtestproject.agent@gmail.com \
--to=linuxtestproject.agent@gmail.com \
--cc=andrea.cervesato@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.