From: Stefano Garzarella <sgarzare@redhat.com>
To: David Laight <david.laight.linux@gmail.com>
Cc: patchwork-bot+netdevbpf@kernel.org, netdev@vger.kernel.org,
xuanzhuo@linux.alibaba.com, horms@kernel.org,
virtualization@lists.linux.dev, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org, kuba@kernel.org, eperezma@redhat.com,
pabeni@redhat.com, mst@redhat.com, davem@davemloft.net,
jasowang@redhat.com, stefanha@redhat.com, edumazet@google.com,
stable@vger.kernel.org
Subject: Re: [PATCH net] vsock/virtio: fix skb overhead overflow on 32-bit builds
Date: Mon, 25 May 2026 11:57:45 +0200 [thread overview]
Message-ID: <ahQbVxvbBEJZ3TBU@sgarzare-redhat> (raw)
In-Reply-To: <20260523173557.5cc4f4f6@pumpkin>
On Sat, May 23, 2026 at 05:35:57PM +0100, David Laight wrote:
>On Sat, 23 May 2026 02:20:29 +0000
>patchwork-bot+netdevbpf@kernel.org wrote:
>
>> Hello:
>>
>> This patch was applied to netdev/net.git (main)
>> by Jakub Kicinski <kuba@kernel.org>:
>
>Did anyone else notice that is isn't a bug?
>
>There is no way that a 'count of bytes of kernel memory' can overflow
>the size of 'long'.
It's more of an estimate than an actual calculation of memory usage if
we queue the incoming packet. In theory, an overflow could occur if the
user sets `buf_alloc` to 4GB. In practice, though, I think you're right:
the memory should run out before we get to that check.
Thanks,
Stefano
>
>-- David
>
>>
>> On Thu, 21 May 2026 14:47:32 +0200 you wrote:
>> > From: Stefano Garzarella <sgarzare@redhat.com>
>> >
>> > On 32-bit architectures, both skb_queue_len() and SKB_TRUESIZE(0) evaluate
>> > to 32-bit values. The multiplication can overflow before being assigned to
>> > the u64 skb_overhead variable, making the skb overhead check ineffective.
>> >
>> > Cast skb_queue_len() to u64 so the multiplication is always performed in
>> > 64-bit arithmetic.
>> >
>> > [...]
>>
>> Here is the summary with links:
>> - [net] vsock/virtio: fix skb overhead overflow on 32-bit builds
>> https://git.kernel.org/netdev/net/c/4157501b9a8f
>>
>> You are awesome, thank you!
>
next prev parent reply other threads:[~2026-05-25 9:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 12:47 [PATCH net] vsock/virtio: fix skb overhead overflow on 32-bit builds Stefano Garzarella
2026-05-21 13:09 ` Michael S. Tsirkin
2026-05-21 17:13 ` David Laight
2026-05-23 2:20 ` patchwork-bot+netdevbpf
2026-05-23 16:35 ` David Laight
2026-05-25 9:57 ` Stefano Garzarella [this message]
2026-05-25 10:53 ` David Laight
2026-05-25 12:42 ` Michael S. Tsirkin
2026-05-25 13:09 ` Stefano Garzarella
2026-05-25 14:53 ` David Laight
2026-05-25 15:16 ` Stefano Garzarella
2026-05-25 17:14 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ahQbVxvbBEJZ3TBU@sgarzare-redhat \
--to=sgarzare@redhat.com \
--cc=davem@davemloft.net \
--cc=david.laight.linux@gmail.com \
--cc=edumazet@google.com \
--cc=eperezma@redhat.com \
--cc=horms@kernel.org \
--cc=jasowang@redhat.com \
--cc=kuba@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=patchwork-bot+netdevbpf@kernel.org \
--cc=stable@vger.kernel.org \
--cc=stefanha@redhat.com \
--cc=virtualization@lists.linux.dev \
--cc=xuanzhuo@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox