| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 04 Jul 2021 15:10:28 +0200
From: Jakub Sitnicki <jakub@...udflare.com>
To: John Fastabend <john.fastabend@...il.com>
Cc: Cong Wang <xiyou.wangcong@...il.com>, netdev@...r.kernel.org,
bpf@...r.kernel.org, Cong Wang <cong.wang@...edance.com>,
Jiang Wang <jiang.wang@...edance.com>,
Daniel Borkmann <daniel@...earbox.net>,
"Lorenz Bauer" <lmb@...udflare.com>
Subject: Re: [Patch bpf v2] skmsg: check sk_rcvbuf limit before queuing to
ingress_skb
On Sat, Jul 03, 2021 at 07:52 PM CEST, Jakub Sitnicki wrote:
[...]
> Then there is the case when a parser prog is attached. In this case the
> skb is really gone if we drop it on redirect.
>
> In sk_psock_strp_read, we ignore the -EIO error from
> sk_psock_verdict_apply, and return to tcp_read_sock how many bytes have
> been parsed.
>
> sk->sk_data_ready
> sk_psock_verdict_data_ready
> ->read_sock(..., sk_psock_verdict_recv)
> tcp_read_sock (used = copied = eaten)
> strp_recv -> ret = eaten
> __strp_recv -> ret = eaten
> strp->cb.rcv_msg -> -EIO
> sk_psock_verdict_apply -> -EIO
> sk_psock_redirect -> -EIO
Copy-paste error. The call chain for the parser case goes as so:
sk->sk_data_ready
sk_psock_strp_data_ready
strp_data_ready
strp_read_sock
->read_sock(..., strp_recv)
tcp_read_sock (used = copied = skb->len)
strp_recv -> ret = skb->len
__strp_recv -> ret = skb->len (dummy parser case)
strp->cb.rcv_msg -> -EIO
sk_psock_verdict_apply -> -EIO
sk_psock_redirect -> -EIO
Powered by blists - more mailing lists