Re: [PATCH 2/2] bpf: guard sock_ops rtt_min against non-locked tcp_sock

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Martin KaFai Lau <martin.lau@linux.dev>
To: Werner Kasselman <werner@verivus.ai>
Cc: "bpf@vger.kernel.org" <bpf@vger.kernel.org>,
	 "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
	"andrii@kernel.org" <andrii@kernel.org>,
	 "ast@kernel.org" <ast@kernel.org>,
	"brakmo@fb.com" <brakmo@fb.com>,
	 "daniel@iogearbox.net" <daniel@iogearbox.net>,
	"davem@davemloft.net" <davem@davemloft.net>,
	 "eddyz87@gmail.com" <eddyz87@gmail.com>,
	"edumazet@google.com" <edumazet@google.com>,
	 "haoluo@google.com" <haoluo@google.com>,
	"horms@kernel.org" <horms@kernel.org>,
	 "john.fastabend@gmail.com" <john.fastabend@gmail.com>,
	"jolsa@kernel.org" <jolsa@kernel.org>,
	 "kpsingh@kernel.org" <kpsingh@kernel.org>,
	"kuba@kernel.org" <kuba@kernel.org>,
	 "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	 "linux-kselftest@vger.kernel.org"
	<linux-kselftest@vger.kernel.org>,
	"pabeni@redhat.com" <pabeni@redhat.com>,
	 "sdf@fomichev.me" <sdf@fomichev.me>,
	"shuah@kernel.org" <shuah@kernel.org>,
	 "song@kernel.org" <song@kernel.org>,
	"yonghong.song@linux.dev" <yonghong.song@linux.dev>,
	 "jiayuan.chen@linux.dev" <jiayuan.chen@linux.dev>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 2/2] bpf: guard sock_ops rtt_min against non-locked tcp_sock
Date: Mon, 20 Apr 2026 13:43:36 -0700	[thread overview]
Message-ID: <202642020410.q7GJ.martin.lau@linux.dev> (raw)
In-Reply-To: <20260417023119.3830723-3-werner@verivus.com>

On Fri, Apr 17, 2026 at 02:31:26AM +0000, Werner Kasselman wrote:
> diff --git a/net/core/filter.c b/net/core/filter.c
> index e8ad062f63bc..9c43193a5c39 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -10827,14 +10827,12 @@ static u32 sock_ops_convert_ctx_access(enum bpf_access_type type,
>  			     sizeof(struct minmax));
>  		BUILD_BUG_ON(sizeof(struct minmax) <
>  			     sizeof(struct minmax_sample));
> +		BUILD_BUG_ON(offsetof(struct tcp_sock, rtt_min) +
> +			     offsetof(struct minmax_sample, v) > S16_MAX);

This doesn't look like a test that is added by human.
Will sizeof(tcp_sock) ever reach S16_MAX? It is unnecessarily defensive and
inconsistent with other tcp_sock field loads.

> diff --git a/tools/testing/selftests/bpf/prog_tests/sock_ops_get_sk.c b/tools/testing/selftests/bpf/prog_tests/sock_ops_get_sk.c
> index 343d92c4df30..1aea4c97d5d3 100644
> --- a/tools/testing/selftests/bpf/prog_tests/sock_ops_get_sk.c
> +++ b/tools/testing/selftests/bpf/prog_tests/sock_ops_get_sk.c

Separate the test in its own patch.

Also tag and add revision to subject, "[PATCH v3 bpf...]".
Take a look at how other patches are posted in the bpf mailing list.

pw-bot: cr

next prev parent reply	other threads:[~2026-04-20 20:43 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-17  2:31 [PATCH bpf v3 0/2] bpf: fix sock_ops rtt_min OOB read Werner Kasselman
2026-04-17  2:31 ` [PATCH 1/2] bpf: extract SOCK_OPS_LOAD_TCP_SOCK_FIELD from SOCK_OPS_GET_FIELD Werner Kasselman
2026-04-17  2:31 ` [PATCH 2/2] bpf: guard sock_ops rtt_min against non-locked tcp_sock Werner Kasselman
2026-04-20 20:43   ` Martin KaFai Lau [this message]
2026-04-20 22:16 ` [PATCH bpf v4 0/2] " Werner Kasselman
2026-04-20 22:16   ` [PATCH bpf v4 1/2] " Werner Kasselman
2026-04-20 22:16   ` [PATCH bpf v4 2/2] selftests/bpf: cover same-reg sock_ops rtt_min request_sock access Werner Kasselman
2026-04-20 23:00 ` [PATCH bpf v5 0/2] bpf: guard sock_ops rtt_min against non-locked tcp_sock Werner Kasselman
2026-04-20 23:00   ` [PATCH bpf v5 1/2] " Werner Kasselman
2026-04-22 21:03     ` Martin KaFai Lau
2026-04-20 23:00   ` [PATCH bpf v5 2/2] selftests/bpf: cover same-reg sock_ops rtt_min request_sock access Werner Kasselman
2026-04-22 21:11     ` Martin KaFai Lau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202642020410.q7GJ.martin.lau@linux.dev \
    --to=martin.lau@linux.dev \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=brakmo@fb.com \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=eddyz87@gmail.com \
    --cc=edumazet@google.com \
    --cc=haoluo@google.com \
    --cc=horms@kernel.org \
    --cc=jiayuan.chen@linux.dev \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=sdf@fomichev.me \
    --cc=shuah@kernel.org \
    --cc=song@kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=werner@verivus.ai \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.