Commit 197c949e authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

udp: properly support MSG_PEEK with truncated buffers 



Backport of this upstream commit into stable kernels :
89c22d8c ("net: Fix skb csum races when peeking")
exposed a bug in udp stack vs MSG_PEEK support, when user provides
a buffer smaller than skb payload.

In this case,
skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr),
                                 msg->msg_iov);
returns -EFAULT.

This bug does not happen in upstream kernels since Al Viro did a great
job to replace this into :
skb_copy_and_csum_datagram_msg(skb, sizeof(struct udphdr), msg);
This variant is safe vs short buffers.

For the time being, instead reverting Herbert Xu patch and add back
skb->ip_summed invalid changes, simply store the result of
udp_lib_checksum_complete() so that we avoid computing the checksum a
second time, and avoid the problematic
skb_copy_and_csum_datagram_iovec() call.

This patch can be applied on recent kernels as it avoids a double
checksumming, then backported to stable kernels as a bug fix.

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Acked-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 815bc580

net/ipv4/udp.c

+4 −2
Original line number Diff line number Diff line
@@ -1271,6 +1271,7 @@ int udp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock, 
	int peeked, off = 0;

	int err;

	int is_udplite = IS_UDPLITE(sk);

	bool checksum_valid = false;

	bool slow;



	if (flags & MSG_ERRQUEUE)
@@ -1296,11 +1297,12 @@ try_again: 
	 */



	if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) {

		if (udp_lib_checksum_complete(skb))

		checksum_valid = !udp_lib_checksum_complete(skb);

		if (!checksum_valid)

			goto csum_copy_err;

	}



	if (skb_csum_unnecessary(skb))

	if (checksum_valid || skb_csum_unnecessary(skb))

		err = skb_copy_datagram_msg(skb, sizeof(struct udphdr),

					    msg, copied);

	else {

net/ipv6/udp.c

+4 −2
Original line number Diff line number Diff line
@@ -402,6 +402,7 @@ int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 
	int peeked, off = 0;

	int err;

	int is_udplite = IS_UDPLITE(sk);

	bool checksum_valid = false;

	int is_udp4;

	bool slow;
@@ -433,11 +434,12 @@ try_again: 
	 */



	if (copied < ulen || UDP_SKB_CB(skb)->partial_cov) {

		if (udp_lib_checksum_complete(skb))

		checksum_valid = !udp_lib_checksum_complete(skb);

		if (!checksum_valid)

			goto csum_copy_err;

	}



	if (skb_csum_unnecessary(skb))

	if (checksum_valid || skb_csum_unnecessary(skb))

		err = skb_copy_datagram_msg(skb, sizeof(struct udphdr),

					    msg, copied);

	else {

CRA Git | Maintained and supported by SUSTech CRA and CCSE