Hello:
This patch was applied to bpf/bpf.git (master) by Alexei Starovoitov ast@kernel.org:
On Wed, 8 Oct 2025 18:56:59 +0200 you wrote:
Turned out certain clearly invalid values passed in &xdp_desc from userspace can pass xp_{,un}aligned_validate_desc() and then lead to UBs or just invalid frames to be queued for xmit.
desc->len close to ``U32_MAX`` with a non-zero pool->tx_metadata_len can cause positive integer overflow and wraparound, the same way low enough desc->addr with a non-zero pool->tx_metadata_len can cause negative integer overflow. Both scenarios can then pass the validation successfully. This doesn't happen with valid XSk applications, but can be used to perform attacks.
[...]
Here is the summary with links: - [bpf] xsk: harden userspace-supplied &xdp_desc validation https://git.kernel.org/bpf/bpf/c/07ca98f906a4
You are awesome, thank you!