From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Eric Dumazet <edumazet@google.com>,
John Fastabend <john.fastabend@gmail.com>,
Jakub Sitnicki <jakub@cloudflare.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>,
davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 21/24] tcp: make tcp_read_sock() more robust
Date: Wed, 9 Mar 2022 11:19:40 -0500 [thread overview]
Message-ID: <20220309161946.136122-21-sashal@kernel.org> (raw)
In-Reply-To: <20220309161946.136122-1-sashal@kernel.org>
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit e3d5ea2c011ecb16fb94c56a659364e6b30fac94 ]
If recv_actor() returns an incorrect value, tcp_read_sock()
might loop forever.
Instead, issue a one time warning and make sure to make progress.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Jakub Sitnicki <jakub@cloudflare.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/20220302161723.3910001-2-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/tcp.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f48f1059b31a..ef68d55e0944 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1663,11 +1663,13 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
if (!copied)
copied = used;
break;
- } else if (used <= len) {
- seq += used;
- copied += used;
- offset += used;
}
+ if (WARN_ON_ONCE(used > len))
+ used = len;
+ seq += used;
+ copied += used;
+ offset += used;
+
/* If recv_actor drops the lock (e.g. TCP splice
* receive) the skb pointer might be invalid when
* getting here: tcp_collapse might have deleted it
--
2.34.1
next prev parent reply other threads:[~2022-03-09 16:32 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-09 16:19 [PATCH AUTOSEL 5.15 01/24] arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 02/24] xfrm: Check if_id in xfrm_migrate Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 03/24] xfrm: Fix xfrm migrate issues when address family changes Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 04/24] arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 05/24] arm64: dts: rockchip: align pl330 node name with dtschema Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 06/24] arm64: dts: rockchip: reorder rk3399 hdmi clocks Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 07/24] arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 08/24] ARM: dts: rockchip: reorder rk322x hmdi clocks Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 09/24] ARM: dts: rockchip: fix a typo on rk3288 crypto-controller Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 10/24] mac80211: refuse aggregations sessions before authorized Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 11/24] MIPS: smp: fill in sibling and core maps earlier Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 12/24] ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 13/24] Bluetooth: hci_core: Fix leaking sent_cmd skb Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 14/24] can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 15/24] net: sparx5: Add #include to remove warning Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 16/24] atm: firestream: check the return value of ioremap() in fs_init() Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 17/24] Input: goodix - workaround Cherry Trail devices with a bogus ACPI Interrupt() resource Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 18/24] iwlwifi: don't advertise TWT support Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 19/24] drm/vrr: Set VRR capable prop only if it is attached to connector Sasha Levin
2022-03-09 16:19 ` Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 20/24] nl80211: Update bss channel on channel switch for P2P_CLIENT Sasha Levin
2022-03-09 16:19 ` Sasha Levin [this message]
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 22/24] sfc: extend the locking on mcdi->seqno Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 23/24] bnx2: Fix an error message Sasha Levin
2022-03-09 16:19 ` [PATCH AUTOSEL 5.15 24/24] kselftest/vm: fix tests build with old libc Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220309161946.136122-21-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=jakub@cloudflare.com \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.