Re: [PATCH 6.6 238/676] bpf, sockmap: Several fixes to bpf_msg_pop_data

More background about it: this patch series includes some fixes to
test_sockmap itself, and it exposes some problems in sockhash test
with SENDPAGE and ktls with SENDPAGE. This might be the reason
for the kernel crash.

The problems I observed:
1. In the sockhash test, a NULL pointer kernel BUG is reported for
nearly every cork test. More inspection is needed for
splice_to_socket.

2. txmsg_pass was not set before, and some tests were skipped. After
the fixes, we now have some failure cases. More fixes are needed either
for the selftest or the ktls kernel code.

More details in https://lore.kernel.org/all/20241024202917.3443231-1-zijianzhang@xxxxxxxxxxxxx/


On 2/27/25 1:40 AM, Tianchen Ding wrote:
Hi,

On 12/6/24 10:30 PM, Greg Kroah-Hartman wrote:
6.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Zijian Zhang <zijianzhang@xxxxxxxxxxxxx>

[ Upstream commit 5d609ba262475db450ba69b8e8a557bd768ac07a ]

Several fixes to bpf_msg_pop_data,
1. In sk_msg_shift_left, we should put_page
2. if (len == 0), return early is better
3. pop the entire sk_msg (last == msg->sg.size) should be supported
4. Fix for the value of variable "a"
5. In sk_msg_shift_left, after shifting, i has already pointed to the next
element. Additional sk_msg_iter_var_next may result in BUG.

Fixes: 7246d8ed4dcc ("bpf: helper to pop data from messages")
Signed-off-by: Zijian Zhang <zijianzhang@xxxxxxxxxxxxx>
Reviewed-by: John Fastabend <john.fastabend@xxxxxxxxx>
Link: https://lore.kernel.org/r/20241106222520.527076-8-zijianzhang@xxxxxxxxxxxxx
Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

We found the kernel crashed when running kselftests (bpf/test_sockmap) in kernel 6.6 LTS, which is introduced by this commit. I guess all other stable kernels (containing this commit) are also affected.

Please consider backporting the following 2 commits:
fdf478d236dc ("skmsg: Return copied bytes in sk_msg_memcopy_from_iter")
5153a75ef34b ("tcp_bpf: Fix copied value in tcp_bpf_sendmsg")

Thanks.
