From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-172.mta1.migadu.com (out-172.mta1.migadu.com [95.215.58.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B44C3597B for ; Wed, 1 Jul 2026 05:03:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.172 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782882229; cv=none; b=OFDqdrm+lKIJXkX3vJsWtknPFVvAvLCUZzcAkkXeGPT6RC5KB8oMK7JP7nSEkM0hSnGPaEsWZr6AsbIVHcII73OczqxW8mo4YAW8qfDR2dugKKmjvaikYXpCzHNtUxvXPtfHfoDb14DMVf3OVxko55qrcqmTtTG4FCRs0LYtq9U= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782882229; c=relaxed/simple; bh=oxbMbODushhC7pgEE9L6PR2gFzNlyiACUXcfsuicEIs=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=ZCZj8PPFFGLS97CcAxBbdvuK+q7wNpA0wtql3VC28aIQANEyg7TXT6fbe+1mqTdavuFJJgcSUkb3plPpvvziXrkpYNHLNYKSCkQg5qfn/usBxzcB/vOdpM985UpUyqkYb6UWcbU4CcMoW5zF78zR4xIlcMztSlmTpEDb0H1Ah4M= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=K9pGLR0V; arc=none smtp.client-ip=95.215.58.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="K9pGLR0V" Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1782882216; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=icl4iM8H8kjQY8I0E4w6SCKCBCCsjMFSCKrymXKcac8=; b=K9pGLR0VqRXVIaZtsgJfO00PbLThrU3L1kVvL3dD2Pw4mqEHie36a5V+LK7kwZNv4P5DKt m7pYZ0FFkhDQP8frdwKpKMBA9lPUrAvgaOmQ37kJ5Er/XLliB/A3B4wcqfSoxxuSmFcFMi 0gcVmdXm6rxJAdanEqceqRiZ9NBpYow= Date: Wed, 1 Jul 2026 13:03:08 +0800 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH bpf-next v5 0/3] bpf, sockmap: reject a packet-modifying SK_SKB stream parser To: Ihor Solodrai , Sechang Lim , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , John Fastabend , Jakub Sitnicki , Eduard Zingerman Cc: Eric Dumazet , Kuniyuki Iwashima , Paolo Abeni , Willem de Bruijn , "David S . Miller" , Jakub Kicinski , Martin KaFai Lau , Song Liu , Yonghong Song , Jiri Olsa , Kumar Kartikeya Dwivedi , Simon Horman , Shuah Khan , Bobby Eshleman , netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org References: <20260620024423.4141004-1-rhkrqnwk98@gmail.com> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Jiayuan Chen In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT On 7/1/26 12:48 PM, Ihor Solodrai wrote: > On 2026-06-19 7:44 p.m., Sechang Lim wrote: >> A BPF_PROG_TYPE_SK_SKB stream parser runs on strparser's message head, >> which can chain skbs through frag_list. A parser that resizes the skb >> frees the frag_list segments that strparser still tracks through >> skb_nextp, leading to a use-after-free. >> >> A stream parser is only meant to measure the next message, not to modify >> the packet, so reject a packet-modifying parser at attach time. >> >> v5: >>   - target bpf-next instead of bpf >>   - add Reviewed-by tag (Jiayuan Chen) >> >> v4: >>   - >> https://lore.kernel.org/all/20260619062959.3277612-1-rhkrqnwk98@gmail.com/ >> >> v3: >>   - >> https://lore.kernel.org/all/20260618102718.2331468-1-rhkrqnwk98@gmail.com/ >> >> v2: >>   - >> https://lore.kernel.org/all/20260612123553.2724240-1-rhkrqnwk98@gmail.com/ >> >> v1: >>   - >> https://lore.kernel.org/all/20260609112316.3685738-1-rhkrqnwk98@gmail.com/ >> >> Sechang Lim (3): >>    selftests/bpf: don't modify the skb in the strparser parser prog >>    bpf, sockmap: reject a packet-modifying SK_SKB stream parser >>    selftests/bpf: test rejection of a packet-modifying SK_SKB stream >>      parser > > > Hi Sechang, all, > > This series broke test_maps (test_sockmap subtest) on the bpf > tree. Currently on BPF CI the test fails on bpf, but passes on > bpf-next (it doesn't have the series yet). > > test_maps fails with: > >     + taskset 0xF ./test_maps >     [    8.352378] clocksource: Watchdog remote CPU 2 read timed out >     Failed sockmap unexpected timeout > > See test_maps.c:995 in test_sockmap(): the 30s select() times out and > test_maps exits 1. Note there is no "Failed stream parser bpf prog > attach" message, the parser attaches fine. > > The series was merged into bpf on 2026-06-26 00:42 UTC > > CI runs: >   last good (pre-merge, 06-25): > https://github.com/kernel-patches/bpf/actions/runs/28158326456 >   first bad (post-merge, 06-26): > https://github.com/kernel-patches/bpf/actions/runs/28210181858 >   recent bad (06-30): > https://github.com/kernel-patches/bpf/actions/runs/28475936023 > > Confirmed locally reverting the 3 commits and rebuilding makes > test_sockmap pass again. > > Could you please help investigate? I'll work on this.