From: Toke Høiland-Jørgensen
To: KaFai Wan, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
 martin.lau@linux.dev, eddyz87@gmail.com, song@kernel.org,
 yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org,
 sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org, davem@davemloft.net,
 edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, horms@kernel.org,
 hawk@kernel.org, shuah@kernel.org, aleksander.lobakin@intel.com,
 bpf@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-kselftest@vger.kernel.org
Cc: KaFai Wan, Yinhao Hu, Kaiyan Mei, Dongliang Mu
Subject: Re: [PATCH bpf-next 1/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES
In-Reply-To: <20260104162350.347403-2-kafai.wan@linux.dev>
References: <20260104162350.347403-1-kafai.wan@linux.dev> <20260104162350.347403-2-kafai.wan@linux.dev>
Date: Mon, 05 Jan 2026 11:46:50 +0100
Message-ID: <87y0mc5obp.fsf@toke.dk>

KaFai Wan writes:

> This fix reverts to the original version and ensures data_hard_start
> correctly points to the xdp_frame structure, eliminating the security
> risk.

This is wrong. We should just be checking the meta_len on input to
account for the size of xdp_frame. I'll send a patch.

-Toke