diff options
| author | Ariel Yin <ayin@google.com> | 2017-02-09 16:15:18 -0800 |
|---|---|---|
| committer | Ariel Yin <ayin@google.com> | 2017-02-14 22:19:43 +0000 |
| commit | ada5339f7f59f8b62817fbda7f0c2e2c3e81b3d9 (patch) | |
| tree | e6ceabd7659c09bd2c3e9dddd24984b4ad41bfd1 /net/lapb/lapb_subr.c | |
| parent | 2825b51263791f35cb76896d10e3fc85e62d643b (diff) | |
UPSTREAM: udp: properly support MSG_PEEK with truncated buffers
commit 197c949e7798fbf28cfadc69d9ca0c2abbf93191 upstream.
Backport of this upstream commit into stable kernels :
89c22d8c3b27 ("net: Fix skb csum races when peeking")
exposed a bug in udp stack vs MSG_PEEK support, when user provides
a buffer smaller than skb payload.
In this case,
skb_copy_and_csum_datagram_iovec(skb, sizeof(struct udphdr),
msg->msg_iov);
returns -EFAULT.
This bug does not happen in upstream kernels since Al Viro did a great job to replace this into :
skb_copy_and_csum_datagram_msg(skb,sizeof(struct udphdr), msg);
This variant is safe vs short buffers.
For the time being, instead reverting Herbert Xu patch and add back
skb->ip_summed invalid changes, simply store the result of
udp_lib_checksum_complete() so that we avoid computing the checksum a
second time, and avoid the problematic skb_copy_and_csum_datagram_iovec() call.
This patch can be applied on recent kernels as it avoids a double
checksumming, then backported to stable kernels as a bug fix.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
[ luis: backported to 3.16: adjusted context ]
Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
Signed-off-by: Charles (Chas) Williams <ciwillia@brocade.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 98f57e42cab062608cf3dce2b8eecbb2a0780ac4)
Bug: 32813456
Change-Id: I0ed569f72b2caf368c4413ac565073ff17492ea8
Diffstat (limited to 'net/lapb/lapb_subr.c')
0 files changed, 0 insertions, 0 deletions