On Mon, 2026-01-05 at 17:43 +0100, Toke Høiland-Jørgensen wrote: > KaFai Wan <[email protected]> writes: > > > On Mon, 2026-01-05 at 11:46 +0100, Toke Høiland-Jørgensen wrote: > > > KaFai Wan <[email protected]> writes: > > > > > > > This fix reverts to the original version and ensures data_hard_start > > > > correctly points to the xdp_frame structure, eliminating the security > > > > risk. > > > > > > This is wrong. We should just be checking the meta_len on input to > > > account for the size of xdp_frame. I'll send a patch. > > > > Current version the actual limit of the max input meta_len for live frames > > is > > XDP_PACKET_HEADROOM - sizeof(struct xdp_frame), not > > XDP_PACKET_HEADROOM. > > By "current version", you mean the patch I sent[0], right? > > If so, that was deliberate: the stack limits the maximum data_meta size > to XDP_PACKET_HEADROOM - sizeof(struct xdp_frame), so there's no reason > not to do the same for bpf_prog_run(). And some chance that diverging > here will end up surfacing other bugs down the line. > Oh, I see. Thank you for your explanation. > -Toke > > [0] https://lore.kernel.org/r/[email protected] >
-- Thanks, KaFai
