Thread (3 messages) 3 messages, 2 authors, 2025-12-14

Re: [PATCH net-next v4] net: restore the iterator to its original state when an error occurs

From: Jakub Kicinski <kuba@kernel.org>
Date: 2025-12-12 23:37:23
Also in: kvm, lkml, syzbot, virtualization

On Thu, 11 Dec 2025 14:57:08 +0800 Edward Adam Davis wrote:
In zerocopy_fill_skb_from_iter(), if two copy operations are performed
and the first one succeeds while the second one fails, it returns a
failure but the count in iterator has already been decremented due to
the first successful copy. This ultimately affects the local variable
rest_len in virtio_transport_send_pkt_info(), causing the remaining
count in rest_len to be greater than the actual iterator count. As a
result, packet sending operations continue even when the iterator count
is zero, which further leads to skb->len being 0 and triggers the warning
reported by syzbot [1].
Please address the feedback from previous revision and when you repost
use net as the subject tag.
-- 
pw-bot: cr
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help