From: John Fastabend <john.fastabend@gmail.com>
To: sashiko-reviews@lists.linux.dev
Cc: Sechang Lim <rhkrqnwk98@gmail.com>, bpf@vger.kernel.org
Subject: Re: [PATCH bpf] bpf, sockmap: fix BUG_ON in skb_to_sgvec() on a resized ingress skb
Date: Thu, 18 Jun 2026 12:02:14 -0700 [thread overview]
Message-ID: <ajRAgiUlvyNt5wlr@john-p8> (raw)
In-Reply-To: <20260613083747.CA2991F000E9@smtp.kernel.org>
On Sat, Jun 13, 2026 at 08:37:47AM +0000, sashiko-bot@kernel.org wrote:
>Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
>- [High] Returning -EINVAL when an SKB is shrunk by a BPF program causes the `sk_psock_backlog` worker to incorrectly treat the valid shrink as a fatal error, leading to an unintended broken pipe (EPIPE).
>--
>
>commit 54e4eaf90ac6a727b56c416746a6a961673b62f5
>Author: Sechang Lim <rhkrqnwk98@gmail.com>
>
>bpf, sockmap: fix BUG_ON in skb_to_sgvec() on a resized ingress skb
>
>This commit prevents a BUG_ON when a BPF program shrinks an ingress SKB.
>It accomplishes this by clamping the length to skb->len - off and
>returning -EINVAL if off is already past the SKB length.
>
>> diff --git a/net/core/skmsg.c b/net/core/skmsg.c
>> index e1850caf1a71a..2961178ebd1e1 100644
>> --- a/net/core/skmsg.c
>> +++ b/net/core/skmsg.c
>> @@ -550,6 +550,10 @@ static int sk_psock_skb_ingress_enqueue(struct sk_buff *skb,
>> {
>> int num_sge, copied;
>>
>> + if (off >= skb->len)
>> + return -EINVAL;
>> + len = min_t(u32, len, skb->len - off);
>> +
>
>[Severity: High]
>Could returning -EINVAL here cause the sk_psock_backlog() worker to
>incorrectly treat a valid SKB shrink as a permanent error?
Yep it treats it as a hard error and breaks the socket. The above
patch does enough to fix the BUG but doesn't actually fix the
underlying issue.
Sashiko AI review ·
https://sashiko.dev/#/patchset/20260613082442.3252576-1-rhkrqnwk98@gmail.com?part=1
next prev parent reply other threads:[~2026-06-18 19:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-13 8:24 [PATCH bpf] bpf, sockmap: fix BUG_ON in skb_to_sgvec() on a resized ingress skb Sechang Lim
2026-06-13 8:37 ` sashiko-bot
2026-06-18 19:02 ` John Fastabend [this message]
2026-06-18 19:00 ` John Fastabend
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ajRAgiUlvyNt5wlr@john-p8 \
--to=john.fastabend@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=rhkrqnwk98@gmail.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.