| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251128093946.18c645c6@kernel.org> Date: Fri, 28 Nov 2025 09:39:46 -0800 From: Jakub Kicinski <kuba@...nel.org> To: Edward Adam Davis <eadavis@...com> Cc: syzbot+ci3edb9412aeb2e703@...kaller.appspotmail.com, davem@...emloft.net, edumazet@...gle.com, eperezma@...hat.com, horms@...nel.org, jasowang@...hat.com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, mst@...hat.com, netdev@...r.kernel.org, pabeni@...hat.com, sgarzare@...hat.com, stefanha@...hat.com, syzbot@...ts.linux.dev, syzbot@...kaller.appspotmail.com, syzkaller-bugs@...glegroups.com, virtualization@...ts.linux.dev, xuanzhuo@...ux.alibaba.com Subject: Re: [PATCH Next V2] net: restore the iterator to its original state when an error occurs On Fri, 28 Nov 2025 21:35:57 +0800 Edward Adam Davis wrote: > In zerocopy_fill_skb_from_iter(), if two copy operations are performed > and the first one succeeds while the second one fails, it returns a > failure but the count in iterator has already been decremented due to > the first successful copy. This ultimately affects the local variable > rest_len in virtio_transport_send_pkt_info(), causing the remaining > count in rest_len to be greater than the actual iterator count. As a > result, packet sending operations continue even when the iterator count > is zero, which further leads to skb->len being 0 and triggers the warning > reported by syzbot [1]. Please follow the subsystem guidelines for posting patches: https://www.kernel.org/doc/html/next/process/maintainer-netdev.html Your patch breaks zerocopy tests.
Powered by blists - more mailing lists