This is a note to let you know that I've just added the patch titled tcp: make tcp_read_sock() more robust to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: tcp-make-tcp_read_sock-more-robust.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 0cee123a793a3bc51489c594cbc9c35bcf6a6588 Author: Eric Dumazet <edumazet@xxxxxxxxxx> Date: Wed Mar 2 08:17:23 2022 -0800 tcp: make tcp_read_sock() more robust [ Upstream commit e3d5ea2c011ecb16fb94c56a659364e6b30fac94 ] If recv_actor() returns an incorrect value, tcp_read_sock() might loop forever. Instead, issue a one time warning and make sure to make progress. Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx> Acked-by: John Fastabend <john.fastabend@xxxxxxxxx> Acked-by: Jakub Sitnicki <jakub@xxxxxxxxxxxxxx> Acked-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20220302161723.3910001-2-eric.dumazet@xxxxxxxxx Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 4dce1b418acc..f7795488b0ad 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -1669,11 +1669,13 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc, if (!copied) copied = used; break; - } else if (used <= len) { - seq += used; - copied += used; - offset += used; } + if (WARN_ON_ONCE(used > len)) + used = len; + seq += used; + copied += used; + offset += used; + /* If recv_actor drops the lock (e.g. TCP splice * receive) the skb pointer might be invalid when * getting here: tcp_collapse might have deleted it