* [PATCH net 1/1] bpf: sockmap: fix tail fragment offset in bpf_msg_push_data [not found] <cover.1779636774.git.xuyq21@lenovo.com> @ 2026-05-27 3:48 ` Ren Wei 2026-05-27 14:47 ` John Fastabend 0 siblings, 1 reply; 2+ messages in thread From: Ren Wei @ 2026-05-27 3:48 UTC (permalink / raw) To: bpf, netdev Cc: martin.lau, daniel, john.fastabend, sdf, ast, andrii, eddyz87, memxor, song, yonghong.song, jolsa, yuantan098, zcliangcn, bird, xuyq21, n05ec From: Yuqi Xu <xuyq21@lenovo.com> When bpf_msg_push_data() inserts data in the middle of a scatterlist entry, it splits the original entry into a left fragment and a right fragment. The right fragment offset is page-local, but the code advances it with `start`, which is the message-global insertion point. For inserts into a non-first SG entry, this over-advances the offset and leaves the split layout inconsistent. Advance the right fragment offset by the fragment-local delta, `start - offset`, which matches the length removed from the front of the original entry. Fixes: 6fff607e2f14 ("bpf: sk_msg program helper bpf_msg_push_data") Cc: stable@kernel.org Reported-by: Yuan Tan <yuantan098@gmail.com> Reported-by: Zhengchuan Liang <zcliangcn@gmail.com> Reported-by: Xin Liu <bird@lzu.edu.cn> Assisted-by: Codex:GPT-5.4 Signed-off-by: Yuqi Xu <xuyq21@lenovo.com> Signed-off-by: Ren Wei <n05ec@lzu.edu.cn> --- net/core/filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index 80a3b702a2d4..d8e637f35f68 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2860,7 +2860,7 @@ BPF_CALL_4(bpf_msg_push_data, struct sk_msg *, msg, u32, start, psge->length = start - offset; rsge.length -= psge->length; - rsge.offset += start; + rsge.offset += start - offset; sk_msg_iter_var_next(i); sg_unmark_end(psge); -- 2.54.0 ^ permalink raw reply related [flat|nested] 2+ messages in thread
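Review bot: On the changed line `rsge.offset += start - offset;`, the delta is the same value stored in `psge->length` two lines above, so writing `rsge.offset += psge->length;` would state the invariant directly: the right fragment's offset advances by exactly the length trimmed from its front, mirroring `rsge.length -= psge->length;`. That form also avoids recomputing `start - offset` and makes it harder for a later edit to let the two drift apart. The diffstat shows only net/core/filter.c changed; a selftest that pushes data into the middle of a non-first SG entry would guard against a regression, since the commit message says that is the case the old code got wrong. For a fix tagged Cc: stable, the commit message should also say what the over-advanced offset leads to in practice, rather than only that the split layout is left inconsistent.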
* Re: [PATCH net 1/1] bpf: sockmap: fix tail fragment offset in bpf_msg_push_data
From: John Fastabend @ 2026-05-27 14:47 UTC
To: Ren Wei
Cc: bpf, netdev, martin.lau, daniel, sdf, ast, andrii, eddyz87, memxor, song, yonghong.song, jolsa, yuantan098, zcliangcn, bird, xuyq21

On Wed, May 27, 2026 at 11:48:15AM +0800, Ren Wei wrote:
>From: Yuqi Xu <xuyq21@lenovo.com>
>
>When bpf_msg_push_data() inserts data in the middle of a scatterlist
>entry, it splits the original entry into a left fragment and a right
>fragment.
>
>The right fragment offset is page-local, but the code advances it with
>`start`, which is the message-global insertion point. For inserts into a
>non-first SG entry, this over-advances the offset and leaves the split
>layout inconsistent.
>
>Advance the right fragment offset by the fragment-local delta,
>`start - offset`, which matches the length removed from the front of the
>original entry.
>
>Fixes: 6fff607e2f14 ("bpf: sk_msg program helper bpf_msg_push_data")
>Cc: stable@kernel.org
>Reported-by: Yuan Tan <yuantan098@gmail.com>
>Reported-by: Zhengchuan Liang <zcliangcn@gmail.com>
>Reported-by: Xin Liu <bird@lzu.edu.cn>
>Assisted-by: Codex:GPT-5.4
>Signed-off-by: Yuqi Xu <xuyq21@lenovo.com>
>Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
>---
> net/core/filter.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Thanks.

Reviewed-by: John Fastabend <john.fastabend@gmail.com>