| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 7 Aug 2022 20:31:06 -0700
From: Cong Wang <xiyou.wangcong@...il.com>
To: netdev@...r.kernel.org
Cc: bpf@...r.kernel.org, Cong Wang <cong.wang@...edance.com>,
Eric Dumazet <edumazet@...gle.com>,
John Fastabend <john.fastabend@...il.com>,
Jakub Sitnicki <jakub@...udflare.com>
Subject: [Patch net v2 4/4] tcp: handle pure FIN case correctly
From: Cong Wang <cong.wang@...edance.com>
When skb->len==0, the recv_actor() returns 0 too, but we also use 0
for error conditions. This patch amends this by propagating the errors
to tcp_read_skb() so that we can distinguish skb->len==0 case from
error cases.
Fixes: 04919bed948d ("tcp: Introduce tcp_read_skb()")
Reported-by: Eric Dumazet <edumazet@...gle.com>
Cc: John Fastabend <john.fastabend@...il.com>
Cc: Jakub Sitnicki <jakub@...udflare.com>
Signed-off-by: Cong Wang <cong.wang@...edance.com>
---
net/core/skmsg.c | 5 +++--
net/ipv4/tcp.c | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index 81627892bdd4..f0fa915cfe16 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -1193,8 +1193,9 @@ static int sk_psock_verdict_recv(struct sock *sk, struct sk_buff *skb)
ret = bpf_prog_run_pin_on_cpu(prog, skb);
ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
}
- if (sk_psock_verdict_apply(psock, skb, ret) < 0)
- len = 0;
+ ret = sk_psock_verdict_apply(psock, skb, ret);
+ if (ret < 0)
+ len = ret;
out:
rcu_read_unlock();
return len;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 5212a7512269..5e99ecf5515f 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1766,7 +1766,7 @@ int tcp_read_skb(struct sock *sk, skb_read_actor_t recv_actor)
__skb_unlink(skb, &sk->sk_receive_queue);
WARN_ON(!skb_set_owner_sk_safe(skb, sk));
copied = recv_actor(sk, skb);
- if (copied > 0) {
+ if (copied >= 0) {
seq += copied;
if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN)
++seq;
--
2.34.1
Powered by blists - more mailing lists