Message-ID: <a9db819e-37fc-4075-984b-f8c836d71f77@chinatelecom.cn>
Date: Thu, 6 Nov 2025 20:09:46 +0800
From: zhengguoyong <zhenggy@...natelecom.cn>
To: [External account] John Fastabend
 <john.fastabend@...il.com>, jakub@...udflare.com, davem@...emloft.net,
 [External account] Eric Dumazet
 <edumazet@...gle.com>, kuba@...nel.org, pabeni@...hat.com
Cc: netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: [PATCH] bpf, sockmap: Fix tp->copied_seq update in,
 tcp_bpf_strp_read_sock

In the tcp_read_sock_noack function, received packets may be
destined for either the current sk or another sk.

In my test case, the first packet of the connection is sent to
the current sk, while subsequent packets are sent to another sk.

When the first packet is forwarded, tp->copied_seq is updated in
tcp_bpf_recvmsg_parser. However, since psock->copied_seq
accumulates the length of every processed packet,
using psock->copied_seq to update tp->copied_seq when
processing the second packet would lead to incorrect behavior.

Therefore, we only need to update tp->copied_seq in cases where
packets are forwarded to another sk.

Signed-off-by: GuoYong Zheng <zhenggy@...natelecom.cn>
---
 net/ipv4/tcp_bpf.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c
index d7fa22a..9c99db7 100644
--- a/net/ipv4/tcp_bpf.c
+++ b/net/ipv4/tcp_bpf.c
@@ -804,9 +804,11 @@ int tcp_bpf_strp_read_sock(struct strparser *strp, read_descriptor_t *desc,
 	 * For SK_REDIRECT, we need to ack the frame immediately but for
 	 * SK_PASS, we want to delay the ack until tcp_bpf_recvmsg_parser().
 	 */
-	tp->copied_seq = psock->copied_seq - psock->ingress_bytes;
-	tcp_rcv_space_adjust(sk);
-	__tcp_cleanup_rbuf(sk, copied - psock->ingress_bytes);
+	if (!psock->ingress_bytes) {
+		tp->copied_seq += copied;
+		tcp_rcv_space_adjust(sk);
+		__tcp_cleanup_rbuf(sk, copied);
+	}
 out:
 	rcu_read_unlock();
 	return copied;
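Review bot: the new `if (!psock->ingress_bytes)` guard is all-or-nothing, so a call in which `copied` covers both redirected and ingress data skips the `tp->copied_seq` advance, `tcp_rcv_space_adjust(sk)` and `__tcp_cleanup_rbuf()` for the redirected part as well. The removed lines used `copied - psock->ingress_bytes`, which suggests `ingress_bytes` can be nonzero yet smaller than `copied` within one call. If that mixed case is possible, consider `tp->copied_seq += copied - psock->ingress_bytes;` with `__tcp_cleanup_rbuf(sk, copied - psock->ingress_bytes);` instead of the guard. If it is not possible, say so in the comment above the block, which still describes only the SK_REDIRECT versus SK_PASS ack timing and does not explain the new condition.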
-- 
1.8.3.1
