From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:53164 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387619AbeHNUSm (ORCPT ); Tue, 14 Aug 2018 16:18:42 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Daniel Borkmann , John Fastabend , Alexei Starovoitov Subject: [PATCH 4.17 09/97] bpf, sockmap: fix bpf_tcp_sendmsg sock error handling Date: Tue, 14 Aug 2018 19:16:21 +0200 Message-Id: <20180814171433.539404635@linuxfoundation.org> In-Reply-To: <20180814171433.160434170@linuxfoundation.org> References: <20180814171433.160434170@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.17-stable review patch. If anyone has any objections, please let me know. ------------------ From: Daniel Borkmann commit 5121700b346b6160ccc9411194e3f1f417c340d1 upstream. While working on bpf_tcp_sendmsg() code, I noticed that when a sk->sk_err is set we error out with err = sk->sk_err. However this is problematic since sk->sk_err is a positive error value and therefore we will neither go into sk_stream_error() nor will we report an error back to user space. I had this case with EPIPE and user space was thinking sendmsg() succeeded since EPIPE is a positive value, thinking we submitted 32 bytes. Fix it by negating the sk->sk_err value. Fixes: 4f738adba30a ("bpf: create tcp_bpf_ulp allowing BPF to monitor socket TX/RX data") Signed-off-by: Daniel Borkmann Acked-by: John Fastabend Signed-off-by: Alexei Starovoitov Signed-off-by: Greg Kroah-Hartman --- kernel/bpf/sockmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/bpf/sockmap.c +++ b/kernel/bpf/sockmap.c @@ -952,7 +952,7 @@ static int bpf_tcp_sendmsg(struct sock * int copy; if (sk->sk_err) { - err = sk->sk_err; + err = -sk->sk_err; goto out_err; }