On Thu, Feb 27, 2025 at 05:40:02PM +0800, Tianchen Ding wrote:
> Hi,
>
> On 12/6/24 10:30 PM, Greg Kroah-Hartman wrote:
> > 6.6-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Zijian Zhang <zijianzhang@xxxxxxxxxxxxx>
> >
> > [ Upstream commit 5d609ba262475db450ba69b8e8a557bd768ac07a ]
> >
> > Several fixes to bpf_msg_pop_data,
> > 1. In sk_msg_shift_left, we should put_page
> > 2. if (len == 0), return early is better
> > 3. pop the entire sk_msg (last == msg->sg.size) should be supported
> > 4. Fix for the value of variable "a"
> > 5. In sk_msg_shift_left, after shifting, i has already pointed to the next
> > element. Addtional sk_msg_iter_var_next may result in BUG.
> >
> > Fixes: 7246d8ed4dcc ("bpf: helper to pop data from messages")
> > Signed-off-by: Zijian Zhang <zijianzhang@xxxxxxxxxxxxx>
> > Reviewed-by: John Fastabend <john.fastabend@xxxxxxxxx>
> > Link: https://lore.kernel.org/r/20241106222520.527076-8-zijianzhang@xxxxxxxxxxxxx
> > Signed-off-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>
> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
>
> We found the kernel crashed when running kselftests (bpf/test_sockmap) in
> kernel 6.6 LTS, which is introduced by this commit. I guess all other stable
> kernels (containing this commit) are also affected.
>
> Please consider backporting the following 2 commits:
> fdf478d236dc ("skmsg: Return copied bytes in sk_msg_memcopy_from_iter")
> 5153a75ef34b ("tcp_bpf: Fix copied value in tcp_bpf_sendmsg")
Please submit the tested series to us, properly backported, and we will
be glad to review them for stable inclusion (remember to also properly
send patches for newer stable releases as needed.)
thanks,
greg k-h
