On Sat, Jan 2, 2016 at 2:02 PM, Francesco Ruggeri <fruggeri@xxxxxxxxxxxxxxxxxx> wrote: > Commit ce76b83f3023 to 3.18.22 (backport of 89c22d8c3b27 > ["net: Fix skb csum races when peeking"] from 4.2) causes > the following failure: > a recv(MSG_PEEK) on an ipv6 UDP socket using a buffer length smaller than > the length of the actual UDP payload of a receivable packet fails with EFAULT. > I do not seen the same problem with ipv4. Also, I do not see it in 4.3 or 4.4. > > The problem occurs in the following codepath after udp_lib_checksum_complete > in udpv6_recvmsg fails to set the skb's csum related fields: > > udpv6_recvmsg > skb_copy_and_csum_datagram_iovec > skb_copy_datagram_iovec > memcpy_toiovec > > It can be reproduced with the script below. After reverting ce76b83f3023 > I do not see the failure any more. > > #!/bin/python > > import sys, os, socket, time > > family = socket.AF_INET6 > addr = "::1" > port = 1234 > > buf = "0123456789abcdef" * 8 > buflen = len(buf) - 1 > > pid = os.fork() > > if pid == 0: > time.sleep(1) > s = socket.socket(family, socket.SOCK_DGRAM) > s.sendto(buf, (addr, port)) > sys.exit(0) > > s = socket.socket(family, socket.SOCK_DGRAM) > s.bind((addr, port)) > time.sleep(2) > buf = s.recv(buflen, socket.MSG_PEEK) > print "Received buffer of size %d: %s" % (len(buf), buf) > > os.waitpid(pid, 0) > sys.exit(0) > I believe a fix is under review. https://patchwork.ozlabs.org/patch/561746/ -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html