lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 11 Jul 2022 16:30:14 +0000
To:     Liu Jian <>
Subject: Re: [PATCH bpf] skmsg: Fix invalid last sg check in sk_msg_recvmsg()


This patch was applied to bpf/bpf-next.git (master)
by Daniel Borkmann <>:

On Tue, 28 Jun 2022 20:36:16 +0800 you wrote:
> In sk_psock_skb_ingress_enqueue function, if the linear area + nr_frags +
> frag_list of the SKB has NR_MSG_FRAG_IDS blocks in total, skb_to_sgvec
> will return NR_MSG_FRAG_IDS, then msg->sg.end will be set to
> NR_MSG_FRAG_IDS, and in addition, (NR_MSG_FRAG_IDS - 1) is set to the last
> SG of msg. Recv the msg in sk_msg_recvmsg, when i is (NR_MSG_FRAG_IDS - 1),
> the sk_msg_iter_var_next(i) will change i to 0 (not NR_MSG_FRAG_IDS), the
> judgment condition "msg_rx->sg.start==msg_rx->sg.end" and
> "i != msg_rx->sg.end" can not work.
> [...]

Here is the summary with links:
  - [bpf] skmsg: Fix invalid last sg check in sk_msg_recvmsg()

You are awesome, thank you!
Deet-doot-dot, I am a bot.

Powered by blists - more mailing lists