twx-linux/net/core
Liu Jian 9974d37ea7 skmsg: Fix invalid last sg check in sk_msg_recvmsg()

In sk_psock_skb_ingress_enqueue function, if the linear area + nr_frags +
frag_list of the SKB has NR_MSG_FRAG_IDS blocks in total, skb_to_sgvec
will return NR_MSG_FRAG_IDS, then msg->sg.end will be set to
NR_MSG_FRAG_IDS, and in addition, (NR_MSG_FRAG_IDS - 1) is set to the last
SG of msg. Recv the msg in sk_msg_recvmsg, when i is (NR_MSG_FRAG_IDS - 1),
the sk_msg_iter_var_next(i) will change i to 0 (not NR_MSG_FRAG_IDS), the
judgment conditions "msg_rx->sg.start==msg_rx->sg.end" and
"i != msg_rx->sg.end" cannot work.

As a result, the processed msg cannot be deleted from ingress_msg list.
But the length of all the sge of the msg has changed to 0. Then the next
recvmsg syscall will process the msg repeatedly, because the length of sge
is 0, the -EFAULT error is always returned.

Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: Liu Jian <liujian56@huawei.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Link: https://lore.kernel.org/bpf/20220628123616.186950-1-liujian56@huawei.com
2022-07-11 18:22:07 +02:00
.gitignore net: skb: use auto-generation to convert skb drop reason to string 2022-06-07 12:51:41 +02:00
bpf_sk_storage.c bpf: Compute map_btf_id during build time 2022-04-26 11:35:21 -07:00
datagram.c net: keep sk->sk_forward_alloc as small as possible 2022-06-10 16:21:27 -07:00
dev_addr_lists_test.c net: kunit: add a test for dev_addr_lists 2021-11-20 12:25:57 +00:00
dev_addr_lists.c net: extract a few internals from netdevice.h 2022-04-07 20:32:09 -07:00
dev_ioctl.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
dev.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-06-23 12:33:24 -07:00
dev.h net: add skb_defer_max sysctl 2022-05-16 11:33:59 +01:00
devlink.c devlink: adopt u64_stats_t 2022-06-09 21:53:11 -07:00
drop_monitor.c drop_monitor: adopt u64_stats_t 2022-06-09 21:53:12 -07:00
dst_cache.c wireguard: device: reset peer src endpoint when netns exits 2021-11-29 19:50:45 -08:00
dst.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
failover.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
fib_notifier.c
fib_rules.c fib: expand fib_rule_policy 2021-12-16 07:18:35 -08:00
filter.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-07-09 12:24:16 -07:00
flow_dissector.c flow_dissector: Add number of vlan tags dissector 2022-04-20 11:09:13 +01:00
flow_offload.c netfilter: nf_tables: bail out early if hardware offload is not supported 2022-06-06 19:19:15 +02:00
gen_estimator.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
gen_stats.c net: stats: Read the statistics in ___gnet_stats_copy_basic() instead of adding. 2021-10-21 12:47:56 +01:00
gro_cells.c net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
gro.c net: allow gro_max_size to exceed 65536 2022-05-16 10:18:56 +01:00
hwbm.c
link_watch.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
lwt_bpf.c bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook 2022-04-22 17:45:25 +02:00
lwtunnel.c lwtunnel: Validate RTA_ENCAP_TYPE attribute length 2021-12-31 14:31:59 +00:00
Makefile net: skb: use auto-generation to convert skb drop reason to string 2022-06-07 12:51:41 +02:00
neighbour.c net, neigh: introduce interval_probe_time_ms for periodic probe 2022-06-30 13:14:35 +02:00
net_namespace.c net: initialize init_net earlier 2022-02-06 11:04:29 +00:00
net-procfs.c net: extract a few internals from netdevice.h 2022-04-07 20:32:09 -07:00
net-sysfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-06-23 12:33:24 -07:00
net-sysfs.h
net-traces.c tcp: add tracepoint for checksum errors 2021-05-14 15:26:03 -07:00
netclassid_cgroup.c bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode 2021-09-13 16:35:58 -07:00
netevent.c net: core: Correct function name netevent_unregister_notifier() in the kerneldoc 2021-03-28 17:56:56 -07:00
netpoll.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
netprio_cgroup.c bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode 2021-09-13 16:35:58 -07:00
of_net.c Revert "of: net: support NVMEM cells with MAC in text format" 2022-01-12 14:14:36 +00:00
page_pool.c net: page_pool: optimize page pool page allocation in NUMA scenario 2022-07-07 17:03:16 -07:00
pktgen.c net: rename reference+tracking helpers 2022-06-09 21:52:55 -07:00
ptp_classifier.c ptp: Add generic PTP is_sync() function 2022-03-07 11:31:34 +00:00
request_sock.c
rtnetlink.c net: allow gro_max_size to exceed 65536 2022-05-16 10:18:56 +01:00
scm.c memcg: enable accounting for scm_fp_list objects 2021-07-20 06:00:38 -07:00
secure_seq.c tcp: resalt the secret every 10 seconds 2022-05-04 19:22:21 -07:00
selftests.c net: core: constify mac addrs in selftests 2021-10-24 13:59:44 +01:00
skbuff.c net: minor optimization in __alloc_skb() 2022-07-08 14:21:08 +01:00
skmsg.c skmsg: Fix invalid last sg check in sk_msg_recvmsg() 2022-07-11 18:22:07 +02:00
sock_destructor.h skb_expand_head() adjust skb->truesize incorrectly 2021-10-22 12:35:51 -07:00
sock_diag.c net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
sock_map.c bpf: Fix sockmap calling sleepable function in teardown path 2022-06-28 09:30:03 +02:00
sock_reuseport.c tcp: Add stats for socket migration. 2021-06-23 12:56:08 -07:00
sock.c tls: rx: periodically flush socket backlog 2022-07-06 12:56:35 +01:00
stream.c net: use WARN_ON_ONCE() in sk_stream_kill_queues() 2022-06-09 21:53:55 -07:00
sysctl_net_core.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-05-23 16:07:14 -07:00
timestamping.c
tso.c
utils.c net: core: Use csum_replace_by_diff() and csum_sub() instead of opencoding 2022-02-21 11:40:44 +00:00
xdp.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-03-22 11:18:49 -07:00