From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-171.mta0.migadu.com (out-171.mta0.migadu.com [91.218.175.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 577C41EDA0F for ; Fri, 12 Jun 2026 13:09:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.171 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781269787; cv=none; b=Cy0o4gFX+UDxzYQY9vLLLIp0L1EaxMCpuC6A11tk0ZyH0cPAEvsDpHGOrMiZ5T88fI34H7xPS5Bx+tOj+7/bOB6hmgUqT3Zp2O/J9n8xY4Rv3tP3yPfZG2Xr8I9Od8F3+hCcNx91TTB4OV2QXxz1f3N8xWZIDbC2Kowg5GZsty0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1781269787; c=relaxed/simple; bh=VaFsV3zYFY3mK1OrfmJTm2cFqGadeu79qZUzTRXR7Bc=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=tcvm36SLOth6rU/YmylC1ZdkYxdUHZmdT/QSyuJoImtwofBbhObW9DspO3URjUi4HzDlHK2P4mHNCPfpPl59FCGhf2w9symou7AjosQG3S6l0e0Ox/0VMsmpm9Xbn1Nuu5IPYNl1qtKKDiMuiJX/zgDycZ3/CTaRFAzDco6UgBs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=XgkQiM3j; arc=none smtp.client-ip=91.218.175.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="XgkQiM3j" X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1781269773; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=u1jR21UWFQybwcEcFpefATHF6rUgxMUInVDBlrsJDFI=; b=XgkQiM3jsqYJIclHiKxdsmL9VLVyA6bWpC9/6ltpWdTyGPDxJNDNlGovI6hdZSMhmnywYT Zv9ubwz1H8dgTZw7FCvQi1pV8g91rgRE8lfxudsKXtNj3gU6gc5agFY+f3QhnZFBE8cKsv 6bXkrUINRiUf4kYUxsJ8/yZ8lIsVnEY= From: Jiayuan Chen To: bpf@vger.kernel.org Cc: Jiayuan Chen , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Eduard Zingerman , Kumar Kartikeya Dwivedi , Martin KaFai Lau , Song Liu , Yonghong Song , Jiri Olsa , Emil Tsalapatis , John Fastabend , Stanislav Fomichev , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , Jakub Sitnicki , Shuah Khan , Jesper Dangaard Brouer , Ihor Solodrai , Sechang Lim , Cong Wang , linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH bpf-next v3 0/7] bpf, skmsg: some fixes for skmsg Date: Fri, 12 Jun 2026 21:07:44 +0800 Message-ID: <20260612130919.299124-1-jiayuan.chen@linux.dev> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT All fixes are from previous patches sent by Weiming Shi, Zhang Cen, Kuniyuki and Sechang Lim, which have already been reviewed by me and John and Jakub. https://lore.kernel.org/bpf/20260610081218.506709-2-rhkrqnwk98@gmail.com/ https://lore.kernel.org/bpf/20260520102715.3033936-1-rollkingzzc@gmail.com/ https://lore.kernel.org/bpf/20260424190310.1520555-2-bestswngs@gmail.com/ https://lore.kernel.org/bpf/20260424191602.1522411-3-bestswngs@gmail.com/ https://lore.kernel.org/bpf/20260423155807.1245644-2-bestswngs@gmail.com/ https://lore.kernel.org/bpf/20260221233234.3814768-4-kuniyu@google.com/ The automated reviewer (sashiko) may still flag a few other potential issues on top of this series. After looking into them, they are either already covered by the patches here, or only reachable under very narrow conditions that require a specially crafted BPF program and an unusual sk_msg ring state, so they are not practical to trigger and are left out of this series. I'm collecting these fixes together because the same problems have been re-sent many times in slightly different forms, and I hope this series can be prioritized for merging so the duplicates can finally settle. With so many AI-generated patches floating around for these spots, leaving them unmerged just keeps wasting maintainer review cycles on the same issues. v2->v3: Target to bpf-next and carry Emil's reviewed-by tag. Reverse xmas tree style is used suggested by Cong. (not all code match reverse xmas tree due to variable dependency) v1->v2: fix problem when fix the conflict. Kuniyuki Iwashima (1): sockmap: Fix use-after-free in udp_bpf_recvmsg() Sechang Lim (2): bpf, sockmap: fix integer overflow in bpf_msg_pop_data() bounds check selftests/bpf: add test for bpf_msg_pop_data() overflow Weiming Shi (3): bpf, sockmap: reject overflowing copy + len in bpf_msg_push_data() bpf, sockmap: Fix wrong rsge offset in bpf_msg_push_data() bpf, sockmap: zero-initialize pages allocated in bpf_msg_push_data Zhang Cen (1): bpf, sockmap: keep sk_msg copy state in sync net/core/filter.c | 99 +++++++++++++++++-- net/ipv4/udp_bpf.c | 9 ++ .../selftests/bpf/prog_tests/sockmap_basic.c | 48 +++++++++ .../bpf/progs/test_sockmap_msg_pop_data.c | 27 +++++ 4 files changed, 174 insertions(+), 9 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_msg_pop_data.c -- 2.43.0