Skip to content

fix: check length in SkBuff's load_bytes function#1469

Draft
hsqStephenZhang wants to merge 3 commits intoaya-rs:mainfrom
hsqStephenZhang:fix/load_bytes
Draft

fix: check length in SkBuff's load_bytes function#1469
hsqStephenZhang wants to merge 3 commits intoaya-rs:mainfrom
hsqStephenZhang:fix/load_bytes

Conversation

@hsqStephenZhang
Copy link
Contributor

@hsqStephenZhang hsqStephenZhang commented Feb 1, 2026
edited by tamird
Loading

Fix: #1207

Should i create a new file for the eBPF program? Though that seems odd in current integration-test's file structure.

This change is Reviewable

Copilot AI review requested due to automatic review settings February 1, 2026 19:29
@netlify
Copy link

netlify bot commented Feb 1, 2026
edited
Loading

Deploy Preview for aya-rs-docs ready!

Built without sensitive environment variables

Name Link
🔨 Latest commit 3543c78
🔍 Latest deploy log https://app.netlify.com/projects/aya-rs-docs/deploys/69805e5a9a3f810008669347
😎 Deploy Preview https://deploy-preview-1469--aya-rs-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Copilot AI reviewed Feb 1, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a verifier error that occurred when using the load_bytes function in socket filter eBPF programs. The verifier was rejecting programs with "invalid zero-sized read" errors when attempting to load bytes from packets, even when the length was dynamically computed.

Changes:

  • Added a zero-length check in SkBuff::load_bytes() to return early when there are no bytes to read, preventing verifier rejection
  • Added integration test to verify the fix by loading a socket filter program that uses load_bytes
  • Updated imports in test.rs to include necessary socket filter types

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
ebpf/aya-ebpf/src/programs/sk_buff.rs Added early return when computed length is zero to avoid passing zero-length reads to the verifier
test/integration-ebpf/src/test.rs Added socket filter test program that exercises load_bytes to validate the fix
test/integration-test/src/tests/load_bytes.rs Created integration test that loads the socket filter program to verify it passes verifier validation
test/integration-test/src/tests.rs Registered the new load_bytes test module

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

hsqStephenZhang and others added 2 commits February 1, 2026 20:40
@hsqStephenZhang
Update test/integration-test/src/tests/load_bytes.rs
d29fbfa 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@hsqStephenZhang
fix
3543c78
@hsqStephenZhang
Copy link
Contributor Author

hsqStephenZhang commented Feb 1, 2026

sorry i did not check it on earlier versions. seems that it works on linux 6.12, but fails on 5.10 and 6.1

@hsqStephenZhang
Copy link
Contributor Author

hsqStephenZhang commented Feb 2, 2026

kernel has done a lot of improvement on verifier in 6.x including tnum and range tracking, so it's a reasonable observation that it succeeded on 6.12 but not on earlier ones.

@hsqStephenZhang
Copy link
Contributor Author

hsqStephenZhang commented Feb 4, 2026

I'm still trying to figure out at which kernel version it's fixed.

@tamird tamird marked this pull request as draft February 17, 2026 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fix or examples required for socket filter byte loading

2 participants

@hsqStephenZhang