MSG_PEEK regression in 3.18.22

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Commit ce76b83f3023 to 3.18.22 (backport of 89c22d8c3b27
["net: Fix skb csum races when peeking"] from 4.2) causes
the following failure:
a recv(MSG_PEEK) on an ipv6 UDP socket using a buffer length smaller than
the length of the actual UDP payload of a receivable packet fails with EFAULT.
I do not seen the same problem with ipv4. Also, I do not see it in 4.3 or 4.4.

The problem occurs in the following codepath after udp_lib_checksum_complete
in udpv6_recvmsg fails to set the skb's csum related fields:

udpv6_recvmsg
skb_copy_and_csum_datagram_iovec
skb_copy_datagram_iovec
memcpy_toiovec

It can be reproduced with the script below. After reverting ce76b83f3023
I do not see the failure any more.

#!/bin/python

import sys, os, socket, time

family = socket.AF_INET6
addr = "::1"
port = 1234

buf = "0123456789abcdef" * 8
buflen = len(buf) - 1

pid = os.fork()

if pid == 0:
   time.sleep(1)
   s = socket.socket(family, socket.SOCK_DGRAM)
   s.sendto(buf, (addr, port))
   sys.exit(0)

s = socket.socket(family, socket.SOCK_DGRAM)
s.bind((addr, port))
time.sleep(2)
buf = s.recv(buflen, socket.MSG_PEEK)
print "Received buffer of size %d: %s" % (len(buf), buf)

os.waitpid(pid, 0)
sys.exit(0)

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]