Linux Test Project
 help / color / mirror / Atom feed
From: linuxtestproject.agent@gmail.com
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] lapi: Add pkt_sched.h and pkt_cls.h fallbacks
Date: Mon,  6 Jul 2026 14:32:36 +0000	[thread overview]
Message-ID: <20260706143236.4092-1-linuxtestproject.agent@gmail.com> (raw)
In-Reply-To: <20260706-cve-2026-46331-v1-1-c55d45f022d1@suse.com>

Hi Andrea,

On Mon, 7 Jul 2026 14:56:11 +0200, Andrea Cervesato wrote:
> lapi: Add pkt_sched.h and pkt_cls.h fallbacks

--- [PATCH 2/2] ---

> cve: Add act_pedit page-cache corruption test

> +	if (sendfile(cli_fd, file_fd, &off, DATA_SIZE) < 0)
> +		tst_brk(TBROK | TERRNO, "sendfile() failed");
> +
> +	/*
> +	 * Allow the loopback egress path to finish processing.
> +	 * The pedit action fires synchronously on lo, but give
> +	 * the stack a moment to drain any queued segments.
> +	 */
> +	usleep(100000);
> +
> +	SAFE_CLOSE(cli_fd);
> +	SAFE_CLOSE(acc_fd);

usleep() for synchronization is not allowed (ground rule 2).

The comment itself says the pedit action fires synchronously on lo.
If that is the case, all egress processing is complete by the time
sendfile() returns, and the sleep buys nothing.

If TCP produces multiple segments and there is a concern that not all
of them have passed through the egress filter by the time the readback
runs, the deterministic fix is to drain acc_fd before closing the
sockets:

    char sink[DATA_SIZE];
    SAFE_READ(1, acc_fd, sink, sizeof(sink));

That read blocks until all DATA_SIZE bytes have been received,
guaranteeing the full egress path -- including every pedit action --
has completed before the page-cache comparison.

Verdict - Needs revision

---
Note:

The agent can sometimes produce false positives although often its
findings are genuine. If you find issues with the review, please
comment this email or ignore the suggestions.

Regards,
LTP AI Reviewer

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

  reply	other threads:[~2026-07-06 14:32 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-06 12:56 [LTP] [PATCH 0/2] Reproducer for cve-2026-46331 Andrea Cervesato
2026-07-06 12:56 ` [LTP] [PATCH 1/2] lapi: Add pkt_sched.h and pkt_cls.h fallbacks Andrea Cervesato
2026-07-06 14:32   ` linuxtestproject.agent [this message]
2026-07-06 12:56 ` [LTP] [PATCH 2/2] cve: Add act_pedit page-cache corruption test Andrea Cervesato
  -- strict thread matches above, loose matches on Subject: below --
2026-07-06 19:12 [LTP] [PATCH v2 1/2] lapi: Add pkt_sched.h and pkt_cls.h fallbacks Andrea Cervesato
2026-07-06 20:09 ` [LTP] " linuxtestproject.agent

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260706143236.4092-1-linuxtestproject.agent@gmail.com \
    --to=linuxtestproject.agent@gmail.com \
    --cc=andrea.cervesato@suse.de \
    --cc=ltp@lists.linux.it \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox