From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: Re: [net-next] tcp: Sanitize CMSG flags and reserved args in tcp_zerocopy_receive.
Date: Fri, 12 Feb 2021 10:28:11 +0800 [thread overview]
Message-ID: <202102121037.SdABHDHy-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 27881 bytes --]
CC: kbuild-all(a)lists.01.org
In-Reply-To: <20210211212107.662291-1-arjunroy.kdev@gmail.com>
References: <20210211212107.662291-1-arjunroy.kdev@gmail.com>
TO: Arjun Roy <arjunroy.kdev@gmail.com>
TO: davem(a)davemloft.net
TO: netdev(a)vger.kernel.org
CC: arjunroy(a)google.com
CC: edumazet(a)google.com
CC: soheil(a)google.com
CC: David Ahern <dsahern@gmail.com>
CC: Leon Romanovsky <leon@kernel.org>
CC: Jakub Kicinski <kuba@kernel.org>
Hi Arjun,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
url: https://github.com/0day-ci/linux/commits/Arjun-Roy/tcp-Sanitize-CMSG-flags-and-reserved-args-in-tcp_zerocopy_receive/20210212-052537
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git e4b62cf7559f2ef9a022de235e5a09a8d7ded520
:::::: branch date: 5 hours ago
:::::: commit date: 5 hours ago
config: x86_64-randconfig-m001-20210209 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
net/ipv4/tcp.c:4158 do_tcp_getsockopt() warn: check for integer overflow 'len'
vim +/len +4158 net/ipv4/tcp.c
1c885808e45601 Francis Yan 2016-11-27 3895
3fdadf7d27e3fb Dmitry Mishin 2006-03-20 3896 static int do_tcp_getsockopt(struct sock *sk, int level,
3fdadf7d27e3fb Dmitry Mishin 2006-03-20 3897 int optname, char __user *optval, int __user *optlen)
^1da177e4c3f41 Linus Torvalds 2005-04-16 3898 {
295f7324ff8d9e Arnaldo Carvalho de Melo 2005-08-09 3899 struct inet_connection_sock *icsk = inet_csk(sk);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3900 struct tcp_sock *tp = tcp_sk(sk);
6fa251663069e0 Nikolay Borisov 2016-02-03 3901 struct net *net = sock_net(sk);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3902 int val, len;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3903
^1da177e4c3f41 Linus Torvalds 2005-04-16 3904 if (get_user(len, optlen))
^1da177e4c3f41 Linus Torvalds 2005-04-16 3905 return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3906
^1da177e4c3f41 Linus Torvalds 2005-04-16 3907 len = min_t(unsigned int, len, sizeof(int));
^1da177e4c3f41 Linus Torvalds 2005-04-16 3908
^1da177e4c3f41 Linus Torvalds 2005-04-16 3909 if (len < 0)
^1da177e4c3f41 Linus Torvalds 2005-04-16 3910 return -EINVAL;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3911
^1da177e4c3f41 Linus Torvalds 2005-04-16 3912 switch (optname) {
^1da177e4c3f41 Linus Torvalds 2005-04-16 3913 case TCP_MAXSEG:
c1b4a7e69576d6 David S. Miller 2005-07-05 3914 val = tp->mss_cache;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3915 if (!val && ((1 << sk->sk_state) & (TCPF_CLOSE | TCPF_LISTEN)))
^1da177e4c3f41 Linus Torvalds 2005-04-16 3916 val = tp->rx_opt.user_mss;
5e6a3ce6573f0c Pavel Emelyanov 2012-04-19 3917 if (tp->repair)
5e6a3ce6573f0c Pavel Emelyanov 2012-04-19 3918 val = tp->rx_opt.mss_clamp;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3919 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3920 case TCP_NODELAY:
^1da177e4c3f41 Linus Torvalds 2005-04-16 3921 val = !!(tp->nonagle&TCP_NAGLE_OFF);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3922 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3923 case TCP_CORK:
^1da177e4c3f41 Linus Torvalds 2005-04-16 3924 val = !!(tp->nonagle&TCP_NAGLE_CORK);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3925 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3926 case TCP_KEEPIDLE:
df19a626770545 Eric Dumazet 2009-08-28 3927 val = keepalive_time_when(tp) / HZ;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3928 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3929 case TCP_KEEPINTVL:
df19a626770545 Eric Dumazet 2009-08-28 3930 val = keepalive_intvl_when(tp) / HZ;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3931 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3932 case TCP_KEEPCNT:
df19a626770545 Eric Dumazet 2009-08-28 3933 val = keepalive_probes(tp);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3934 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3935 case TCP_SYNCNT:
6fa251663069e0 Nikolay Borisov 2016-02-03 3936 val = icsk->icsk_syn_retries ? : net->ipv4.sysctl_tcp_syn_retries;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3937 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3938 case TCP_LINGER2:
^1da177e4c3f41 Linus Torvalds 2005-04-16 3939 val = tp->linger2;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3940 if (val >= 0)
1e579caa18b96f Nikolay Borisov 2016-02-03 3941 val = (val ? : net->ipv4.sysctl_tcp_fin_timeout) / HZ;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3942 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3943 case TCP_DEFER_ACCEPT:
b103cf34382f26 Julian Anastasov 2009-10-19 3944 val = retrans_to_secs(icsk->icsk_accept_queue.rskq_defer_accept,
b103cf34382f26 Julian Anastasov 2009-10-19 3945 TCP_TIMEOUT_INIT / HZ, TCP_RTO_MAX / HZ);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3946 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3947 case TCP_WINDOW_CLAMP:
^1da177e4c3f41 Linus Torvalds 2005-04-16 3948 val = tp->window_clamp;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3949 break;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3950 case TCP_INFO: {
^1da177e4c3f41 Linus Torvalds 2005-04-16 3951 struct tcp_info info;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3952
^1da177e4c3f41 Linus Torvalds 2005-04-16 3953 if (get_user(len, optlen))
^1da177e4c3f41 Linus Torvalds 2005-04-16 3954 return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3955
^1da177e4c3f41 Linus Torvalds 2005-04-16 3956 tcp_get_info(sk, &info);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3957
^1da177e4c3f41 Linus Torvalds 2005-04-16 3958 len = min_t(unsigned int, len, sizeof(info));
^1da177e4c3f41 Linus Torvalds 2005-04-16 3959 if (put_user(len, optlen))
^1da177e4c3f41 Linus Torvalds 2005-04-16 3960 return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3961 if (copy_to_user(optval, &info, len))
^1da177e4c3f41 Linus Torvalds 2005-04-16 3962 return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3963 return 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3964 }
6e9250f59ef9ef Eric Dumazet 2015-04-28 3965 case TCP_CC_INFO: {
6e9250f59ef9ef Eric Dumazet 2015-04-28 3966 const struct tcp_congestion_ops *ca_ops;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3967 union tcp_cc_info info;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3968 size_t sz = 0;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3969 int attr;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3970
6e9250f59ef9ef Eric Dumazet 2015-04-28 3971 if (get_user(len, optlen))
6e9250f59ef9ef Eric Dumazet 2015-04-28 3972 return -EFAULT;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3973
6e9250f59ef9ef Eric Dumazet 2015-04-28 3974 ca_ops = icsk->icsk_ca_ops;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3975 if (ca_ops && ca_ops->get_info)
6e9250f59ef9ef Eric Dumazet 2015-04-28 3976 sz = ca_ops->get_info(sk, ~0U, &attr, &info);
6e9250f59ef9ef Eric Dumazet 2015-04-28 3977
6e9250f59ef9ef Eric Dumazet 2015-04-28 3978 len = min_t(unsigned int, len, sz);
6e9250f59ef9ef Eric Dumazet 2015-04-28 3979 if (put_user(len, optlen))
6e9250f59ef9ef Eric Dumazet 2015-04-28 3980 return -EFAULT;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3981 if (copy_to_user(optval, &info, len))
6e9250f59ef9ef Eric Dumazet 2015-04-28 3982 return -EFAULT;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3983 return 0;
6e9250f59ef9ef Eric Dumazet 2015-04-28 3984 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 3985 case TCP_QUICKACK:
31954cd8bb6670 Wei Wang 2019-01-25 3986 val = !inet_csk_in_pingpong_mode(sk);
^1da177e4c3f41 Linus Torvalds 2005-04-16 3987 break;
5f8ef48d240963 Stephen Hemminger 2005-06-23 3988
5f8ef48d240963 Stephen Hemminger 2005-06-23 3989 case TCP_CONGESTION:
5f8ef48d240963 Stephen Hemminger 2005-06-23 3990 if (get_user(len, optlen))
5f8ef48d240963 Stephen Hemminger 2005-06-23 3991 return -EFAULT;
5f8ef48d240963 Stephen Hemminger 2005-06-23 3992 len = min_t(unsigned int, len, TCP_CA_NAME_MAX);
5f8ef48d240963 Stephen Hemminger 2005-06-23 3993 if (put_user(len, optlen))
5f8ef48d240963 Stephen Hemminger 2005-06-23 3994 return -EFAULT;
6687e988d9aeac Arnaldo Carvalho de Melo 2005-08-10 3995 if (copy_to_user(optval, icsk->icsk_ca_ops->name, len))
5f8ef48d240963 Stephen Hemminger 2005-06-23 3996 return -EFAULT;
5f8ef48d240963 Stephen Hemminger 2005-06-23 3997 return 0;
e56fb50f2b7958 William Allen Simpson 2009-12-02 3998
734942cc4ea647 Dave Watson 2017-06-14 3999 case TCP_ULP:
734942cc4ea647 Dave Watson 2017-06-14 4000 if (get_user(len, optlen))
734942cc4ea647 Dave Watson 2017-06-14 4001 return -EFAULT;
734942cc4ea647 Dave Watson 2017-06-14 4002 len = min_t(unsigned int, len, TCP_ULP_NAME_MAX);
d97af30f615eea Dave Watson 2017-06-26 4003 if (!icsk->icsk_ulp_ops) {
d97af30f615eea Dave Watson 2017-06-26 4004 if (put_user(0, optlen))
d97af30f615eea Dave Watson 2017-06-26 4005 return -EFAULT;
d97af30f615eea Dave Watson 2017-06-26 4006 return 0;
d97af30f615eea Dave Watson 2017-06-26 4007 }
734942cc4ea647 Dave Watson 2017-06-14 4008 if (put_user(len, optlen))
734942cc4ea647 Dave Watson 2017-06-14 4009 return -EFAULT;
734942cc4ea647 Dave Watson 2017-06-14 4010 if (copy_to_user(optval, icsk->icsk_ulp_ops->name, len))
734942cc4ea647 Dave Watson 2017-06-14 4011 return -EFAULT;
734942cc4ea647 Dave Watson 2017-06-14 4012 return 0;
734942cc4ea647 Dave Watson 2017-06-14 4013
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4014 case TCP_FASTOPEN_KEY: {
f19008e676366c Jason Baron 2020-08-10 4015 u64 key[TCP_FASTOPEN_KEY_BUF_LENGTH / sizeof(u64)];
f19008e676366c Jason Baron 2020-08-10 4016 unsigned int key_len;
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4017
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4018 if (get_user(len, optlen))
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4019 return -EFAULT;
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4020
f19008e676366c Jason Baron 2020-08-10 4021 key_len = tcp_fastopen_get_cipher(net, icsk, key) *
0f1ce0236865e8 Jason Baron 2019-05-29 4022 TCP_FASTOPEN_KEY_LENGTH;
0f1ce0236865e8 Jason Baron 2019-05-29 4023 len = min_t(unsigned int, len, key_len);
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4024 if (put_user(len, optlen))
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4025 return -EFAULT;
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4026 if (copy_to_user(optval, key, len))
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4027 return -EFAULT;
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4028 return 0;
1fba70e5b6bed5 Yuchung Cheng 2017-10-18 4029 }
3c0fef0b7d36e5 Josh Hunt 2010-07-30 4030 case TCP_THIN_LINEAR_TIMEOUTS:
3c0fef0b7d36e5 Josh Hunt 2010-07-30 4031 val = tp->thin_lto;
3c0fef0b7d36e5 Josh Hunt 2010-07-30 4032 break;
4a7f6009441144 Yuchung Cheng 2017-01-12 4033
3c0fef0b7d36e5 Josh Hunt 2010-07-30 4034 case TCP_THIN_DUPACK:
4a7f6009441144 Yuchung Cheng 2017-01-12 4035 val = 0;
3c0fef0b7d36e5 Josh Hunt 2010-07-30 4036 break;
dca43c75e7e545 Jerry Chu 2010-08-27 4037
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4038 case TCP_REPAIR:
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4039 val = tp->repair;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4040 break;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4041
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4042 case TCP_REPAIR_QUEUE:
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4043 if (tp->repair)
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4044 val = tp->repair_queue;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4045 else
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4046 return -EINVAL;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4047 break;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4048
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4049 case TCP_REPAIR_WINDOW: {
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4050 struct tcp_repair_window opt;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4051
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4052 if (get_user(len, optlen))
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4053 return -EFAULT;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4054
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4055 if (len != sizeof(opt))
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4056 return -EINVAL;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4057
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4058 if (!tp->repair)
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4059 return -EPERM;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4060
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4061 opt.snd_wl1 = tp->snd_wl1;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4062 opt.snd_wnd = tp->snd_wnd;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4063 opt.max_window = tp->max_window;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4064 opt.rcv_wnd = tp->rcv_wnd;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4065 opt.rcv_wup = tp->rcv_wup;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4066
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4067 if (copy_to_user(optval, &opt, len))
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4068 return -EFAULT;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4069 return 0;
b1ed4c4fa9a5cc Andrey Vagin 2016-06-27 4070 }
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4071 case TCP_QUEUE_SEQ:
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4072 if (tp->repair_queue == TCP_SEND_QUEUE)
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4073 val = tp->write_seq;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4074 else if (tp->repair_queue == TCP_RECV_QUEUE)
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4075 val = tp->rcv_nxt;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4076 else
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4077 return -EINVAL;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4078 break;
ee9952831cfd0b Pavel Emelyanov 2012-04-19 4079
dca43c75e7e545 Jerry Chu 2010-08-27 4080 case TCP_USER_TIMEOUT:
9bcc66e1983d10 Jon Maxwell 2018-07-19 4081 val = icsk->icsk_user_timeout;
dca43c75e7e545 Jerry Chu 2010-08-27 4082 break;
1536e2857bd38e Kenjiro Nakayama 2014-04-17 4083
1536e2857bd38e Kenjiro Nakayama 2014-04-17 4084 case TCP_FASTOPEN:
0536fcc039a892 Eric Dumazet 2015-09-29 4085 val = icsk->icsk_accept_queue.fastopenq.max_qlen;
1536e2857bd38e Kenjiro Nakayama 2014-04-17 4086 break;
1536e2857bd38e Kenjiro Nakayama 2014-04-17 4087
19f6d3f3c8422d Wei Wang 2017-01-23 4088 case TCP_FASTOPEN_CONNECT:
19f6d3f3c8422d Wei Wang 2017-01-23 4089 val = tp->fastopen_connect;
19f6d3f3c8422d Wei Wang 2017-01-23 4090 break;
19f6d3f3c8422d Wei Wang 2017-01-23 4091
71c02379c762cb Christoph Paasch 2017-10-23 4092 case TCP_FASTOPEN_NO_COOKIE:
71c02379c762cb Christoph Paasch 2017-10-23 4093 val = tp->fastopen_no_cookie;
71c02379c762cb Christoph Paasch 2017-10-23 4094 break;
71c02379c762cb Christoph Paasch 2017-10-23 4095
a842fe1425cb20 Eric Dumazet 2019-06-12 4096 case TCP_TX_DELAY:
a842fe1425cb20 Eric Dumazet 2019-06-12 4097 val = tp->tcp_tx_delay;
a842fe1425cb20 Eric Dumazet 2019-06-12 4098 break;
a842fe1425cb20 Eric Dumazet 2019-06-12 4099
93be6ce0e91b6a Andrey Vagin 2013-02-11 4100 case TCP_TIMESTAMP:
9a568de4818dea Eric Dumazet 2017-05-16 4101 val = tcp_time_stamp_raw() + tp->tsoffset;
93be6ce0e91b6a Andrey Vagin 2013-02-11 4102 break;
c9bee3b7fdecb0 Eric Dumazet 2013-07-22 4103 case TCP_NOTSENT_LOWAT:
c9bee3b7fdecb0 Eric Dumazet 2013-07-22 4104 val = tp->notsent_lowat;
c9bee3b7fdecb0 Eric Dumazet 2013-07-22 4105 break;
b75eba76d3d72e Soheil Hassas Yeganeh 2018-05-01 4106 case TCP_INQ:
b75eba76d3d72e Soheil Hassas Yeganeh 2018-05-01 4107 val = tp->recvmsg_inq;
b75eba76d3d72e Soheil Hassas Yeganeh 2018-05-01 4108 break;
cd8ae85299d541 Eric Dumazet 2015-05-03 4109 case TCP_SAVE_SYN:
cd8ae85299d541 Eric Dumazet 2015-05-03 4110 val = tp->save_syn;
cd8ae85299d541 Eric Dumazet 2015-05-03 4111 break;
cd8ae85299d541 Eric Dumazet 2015-05-03 4112 case TCP_SAVED_SYN: {
cd8ae85299d541 Eric Dumazet 2015-05-03 4113 if (get_user(len, optlen))
cd8ae85299d541 Eric Dumazet 2015-05-03 4114 return -EFAULT;
cd8ae85299d541 Eric Dumazet 2015-05-03 4115
cd8ae85299d541 Eric Dumazet 2015-05-03 4116 lock_sock(sk);
cd8ae85299d541 Eric Dumazet 2015-05-03 4117 if (tp->saved_syn) {
70a217f1976f75 Martin KaFai Lau 2020-08-20 4118 if (len < tcp_saved_syn_len(tp->saved_syn)) {
70a217f1976f75 Martin KaFai Lau 2020-08-20 4119 if (put_user(tcp_saved_syn_len(tp->saved_syn),
70a217f1976f75 Martin KaFai Lau 2020-08-20 4120 optlen)) {
aea0929e516a1f Eric B Munson 2015-05-18 4121 release_sock(sk);
aea0929e516a1f Eric B Munson 2015-05-18 4122 return -EFAULT;
aea0929e516a1f Eric B Munson 2015-05-18 4123 }
aea0929e516a1f Eric B Munson 2015-05-18 4124 release_sock(sk);
aea0929e516a1f Eric B Munson 2015-05-18 4125 return -EINVAL;
aea0929e516a1f Eric B Munson 2015-05-18 4126 }
70a217f1976f75 Martin KaFai Lau 2020-08-20 4127 len = tcp_saved_syn_len(tp->saved_syn);
cd8ae85299d541 Eric Dumazet 2015-05-03 4128 if (put_user(len, optlen)) {
cd8ae85299d541 Eric Dumazet 2015-05-03 4129 release_sock(sk);
cd8ae85299d541 Eric Dumazet 2015-05-03 4130 return -EFAULT;
cd8ae85299d541 Eric Dumazet 2015-05-03 4131 }
70a217f1976f75 Martin KaFai Lau 2020-08-20 4132 if (copy_to_user(optval, tp->saved_syn->data, len)) {
cd8ae85299d541 Eric Dumazet 2015-05-03 4133 release_sock(sk);
cd8ae85299d541 Eric Dumazet 2015-05-03 4134 return -EFAULT;
cd8ae85299d541 Eric Dumazet 2015-05-03 4135 }
cd8ae85299d541 Eric Dumazet 2015-05-03 4136 tcp_saved_syn_free(tp);
cd8ae85299d541 Eric Dumazet 2015-05-03 4137 release_sock(sk);
cd8ae85299d541 Eric Dumazet 2015-05-03 4138 } else {
cd8ae85299d541 Eric Dumazet 2015-05-03 4139 release_sock(sk);
cd8ae85299d541 Eric Dumazet 2015-05-03 4140 len = 0;
cd8ae85299d541 Eric Dumazet 2015-05-03 4141 if (put_user(len, optlen))
cd8ae85299d541 Eric Dumazet 2015-05-03 4142 return -EFAULT;
cd8ae85299d541 Eric Dumazet 2015-05-03 4143 }
cd8ae85299d541 Eric Dumazet 2015-05-03 4144 return 0;
cd8ae85299d541 Eric Dumazet 2015-05-03 4145 }
05255b823a6173 Eric Dumazet 2018-04-27 4146 #ifdef CONFIG_MMU
05255b823a6173 Eric Dumazet 2018-04-27 4147 case TCP_ZEROCOPY_RECEIVE: {
7eeba1706eba6d Arjun Roy 2021-01-20 4148 struct scm_timestamping_internal tss;
e0fecb289ad3fd Arjun Roy 2020-12-10 4149 struct tcp_zerocopy_receive zc = {};
05255b823a6173 Eric Dumazet 2018-04-27 4150 int err;
05255b823a6173 Eric Dumazet 2018-04-27 4151
05255b823a6173 Eric Dumazet 2018-04-27 4152 if (get_user(len, optlen))
05255b823a6173 Eric Dumazet 2018-04-27 4153 return -EFAULT;
c8856c05145490 Arjun Roy 2020-02-14 4154 if (len < offsetofend(struct tcp_zerocopy_receive, length))
05255b823a6173 Eric Dumazet 2018-04-27 4155 return -EINVAL;
110912bdf28392 Arjun Roy 2021-02-11 4156 if (unlikely(len > sizeof(zc))) {
110912bdf28392 Arjun Roy 2021-02-11 4157 err = check_zeroed_user(optval + sizeof(zc),
110912bdf28392 Arjun Roy 2021-02-11 @4158 len - sizeof(zc));
110912bdf28392 Arjun Roy 2021-02-11 4159 if (err < 1)
110912bdf28392 Arjun Roy 2021-02-11 4160 return err == 0 ? -EINVAL : err;
c8856c05145490 Arjun Roy 2020-02-14 4161 len = sizeof(zc);
0b7f41f68710cc Arjun Roy 2020-02-25 4162 if (put_user(len, optlen))
0b7f41f68710cc Arjun Roy 2020-02-25 4163 return -EFAULT;
0b7f41f68710cc Arjun Roy 2020-02-25 4164 }
05255b823a6173 Eric Dumazet 2018-04-27 4165 if (copy_from_user(&zc, optval, len))
05255b823a6173 Eric Dumazet 2018-04-27 4166 return -EFAULT;
110912bdf28392 Arjun Roy 2021-02-11 4167 if (zc.reserved)
110912bdf28392 Arjun Roy 2021-02-11 4168 return -EINVAL;
110912bdf28392 Arjun Roy 2021-02-11 4169 if (zc.msg_flags & ~(TCP_VALID_ZC_MSG_FLAGS))
110912bdf28392 Arjun Roy 2021-02-11 4170 return -EINVAL;
05255b823a6173 Eric Dumazet 2018-04-27 4171 lock_sock(sk);
7eeba1706eba6d Arjun Roy 2021-01-20 4172 err = tcp_zerocopy_receive(sk, &zc, &tss);
05255b823a6173 Eric Dumazet 2018-04-27 4173 release_sock(sk);
7eeba1706eba6d Arjun Roy 2021-01-20 4174 if (len >= offsetofend(struct tcp_zerocopy_receive, msg_flags))
7eeba1706eba6d Arjun Roy 2021-01-20 4175 goto zerocopy_rcv_cmsg;
c8856c05145490 Arjun Roy 2020-02-14 4176 switch (len) {
7eeba1706eba6d Arjun Roy 2021-01-20 4177 case offsetofend(struct tcp_zerocopy_receive, msg_flags):
7eeba1706eba6d Arjun Roy 2021-01-20 4178 goto zerocopy_rcv_cmsg;
7eeba1706eba6d Arjun Roy 2021-01-20 4179 case offsetofend(struct tcp_zerocopy_receive, msg_controllen):
7eeba1706eba6d Arjun Roy 2021-01-20 4180 case offsetofend(struct tcp_zerocopy_receive, msg_control):
7eeba1706eba6d Arjun Roy 2021-01-20 4181 case offsetofend(struct tcp_zerocopy_receive, flags):
7eeba1706eba6d Arjun Roy 2021-01-20 4182 case offsetofend(struct tcp_zerocopy_receive, copybuf_len):
7eeba1706eba6d Arjun Roy 2021-01-20 4183 case offsetofend(struct tcp_zerocopy_receive, copybuf_address):
33946518d493cd Arjun Roy 2020-02-14 4184 case offsetofend(struct tcp_zerocopy_receive, err):
33946518d493cd Arjun Roy 2020-02-14 4185 goto zerocopy_rcv_sk_err;
c8856c05145490 Arjun Roy 2020-02-14 4186 case offsetofend(struct tcp_zerocopy_receive, inq):
c8856c05145490 Arjun Roy 2020-02-14 4187 goto zerocopy_rcv_inq;
c8856c05145490 Arjun Roy 2020-02-14 4188 case offsetofend(struct tcp_zerocopy_receive, length):
c8856c05145490 Arjun Roy 2020-02-14 4189 default:
c8856c05145490 Arjun Roy 2020-02-14 4190 goto zerocopy_rcv_out;
c8856c05145490 Arjun Roy 2020-02-14 4191 }
7eeba1706eba6d Arjun Roy 2021-01-20 4192 zerocopy_rcv_cmsg:
7eeba1706eba6d Arjun Roy 2021-01-20 4193 if (zc.msg_flags & TCP_CMSG_TS)
7eeba1706eba6d Arjun Roy 2021-01-20 4194 tcp_zc_finalize_rx_tstamp(sk, &zc, &tss);
7eeba1706eba6d Arjun Roy 2021-01-20 4195 else
7eeba1706eba6d Arjun Roy 2021-01-20 4196 zc.msg_flags = 0;
33946518d493cd Arjun Roy 2020-02-14 4197 zerocopy_rcv_sk_err:
33946518d493cd Arjun Roy 2020-02-14 4198 if (!err)
33946518d493cd Arjun Roy 2020-02-14 4199 zc.err = sock_error(sk);
c8856c05145490 Arjun Roy 2020-02-14 4200 zerocopy_rcv_inq:
c8856c05145490 Arjun Roy 2020-02-14 4201 zc.inq = tcp_inq_hint(sk);
c8856c05145490 Arjun Roy 2020-02-14 4202 zerocopy_rcv_out:
05255b823a6173 Eric Dumazet 2018-04-27 4203 if (!err && copy_to_user(optval, &zc, len))
05255b823a6173 Eric Dumazet 2018-04-27 4204 err = -EFAULT;
05255b823a6173 Eric Dumazet 2018-04-27 4205 return err;
05255b823a6173 Eric Dumazet 2018-04-27 4206 }
05255b823a6173 Eric Dumazet 2018-04-27 4207 #endif
^1da177e4c3f41 Linus Torvalds 2005-04-16 4208 default:
^1da177e4c3f41 Linus Torvalds 2005-04-16 4209 return -ENOPROTOOPT;
3ff50b7997fe06 Stephen Hemminger 2007-04-20 4210 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 4211
^1da177e4c3f41 Linus Torvalds 2005-04-16 4212 if (put_user(len, optlen))
^1da177e4c3f41 Linus Torvalds 2005-04-16 4213 return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 4214 if (copy_to_user(optval, &val, len))
^1da177e4c3f41 Linus Torvalds 2005-04-16 4215 return -EFAULT;
^1da177e4c3f41 Linus Torvalds 2005-04-16 4216 return 0;
^1da177e4c3f41 Linus Torvalds 2005-04-16 4217 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 4218
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 29600 bytes --]
next reply other threads:[~2021-02-12 2:28 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-12 2:28 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-02-11 21:21 [net-next] tcp: Sanitize CMSG flags and reserved args in tcp_zerocopy_receive Arjun Roy
2021-02-12 2:08 ` Jakub Kicinski
2021-02-12 3:10 ` patchwork-bot+netdevbpf
2021-02-15 12:03 ` Dan Carpenter
2021-02-15 12:03 ` Dan Carpenter
2021-02-15 12:03 ` Dan Carpenter
2021-02-15 15:04 ` David Ahern
2021-02-15 16:02 ` Dan Carpenter
2021-02-15 16:02 ` Dan Carpenter
2021-02-15 16:02 ` Dan Carpenter
2021-02-25 22:59 ` Arjun Roy
2021-02-25 23:00 ` Arjun Roy
2021-02-25 23:00 ` Arjun Roy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202102121037.SdABHDHy-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.