From patchwork Wed Apr 10 17:10:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kuniyuki Iwashima X-Patchwork-Id: 13624862 X-Patchwork-Delegate: kuba@kernel.org Received: from smtp-fw-2101.amazon.com (smtp-fw-2101.amazon.com [72.21.196.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C9B4B17B4EB for ; Wed, 10 Apr 2024 17:10:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=72.21.196.25 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712769059; cv=none; b=kLEZU/kjMnkwJv5WLOj7XlqWVpqCGzD7DJXpW/qJUxHstV6TJFVCCFHqMwGfUGTuERcL3SB8qW+SxifC9Z36g0KnQYUvYD4WaLVLJi8kIn6uMDJRTeIexqSJdMtX57lkA5xcNlOFABQJdUZ+EbHJUXbOQq0OK+sMp83YCivi45o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712769059; c=relaxed/simple; bh=3DTl/U6C4+1nLY26IsYDt2KiRp/Ij0PXdwyqXSdMz7I=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ELZ7fbghqxQI5zIj+m/Lyc9f50vjJkWk3dBcYSXfJkhFbqU87f1muGVA+o2oEax/WKVftdTKWhR66DYERVNPOm9oeEsCM9bE3xAVfnQy++McObJxGOOGFycqaevL1U5mfbFPgdRxlfJpjVgoNoERmc5uKhrBk6/bqBE6QYl9Dmo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com; spf=pass smtp.mailfrom=amazon.co.jp; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b=B8KBToia; arc=none smtp.client-ip=72.21.196.25 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amazon.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=amazon.co.jp Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amazon.com header.i=@amazon.com header.b="B8KBToia" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1712769058; x=1744305058; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=QYH7nc8crhLZJB6pl/pvZvHXOC0SPwVWlVX7SNz8QrY=; b=B8KBToiaEzN2eE/a010Tfrhnmh/zU91ca+5/16s82tsG5SZKcWjrtugl IvLJaRp4t1VGHqi5+7+mLVYnxb94xWK0GGibFtt2SaIdGcqb2QWxvtQmy 9iobwvLQi9qxmxtGYax/CktCpSMnNiuxwQ+uDoPhbhzaB2NM9l0f2okjm w=; X-IronPort-AV: E=Sophos;i="6.07,190,1708387200"; d="scan'208";a="393837005" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-2101.iad2.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Apr 2024 17:10:54 +0000 Received: from EX19MTAUWA002.ant.amazon.com [10.0.7.35:36120] by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.50.203:2525] with esmtp (Farcaster) id b077b70d-239f-44bb-9be5-e4720ce8a3eb; Wed, 10 Apr 2024 17:10:53 +0000 (UTC) X-Farcaster-Flow-ID: b077b70d-239f-44bb-9be5-e4720ce8a3eb Received: from EX19D004ANA001.ant.amazon.com (10.37.240.138) by EX19MTAUWA002.ant.amazon.com (10.250.64.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Wed, 10 Apr 2024 17:10:53 +0000 Received: from 88665a182662.ant.amazon.com (10.187.170.44) by EX19D004ANA001.ant.amazon.com (10.37.240.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1258.28; Wed, 10 Apr 2024 17:10:50 +0000 From: Kuniyuki Iwashima To: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni CC: Rao shoaib , Kuniyuki Iwashima , Kuniyuki Iwashima , Subject: [PATCH v2 net 1/2] af_unix: Call manage_oob() for every skb in unix_stream_read_generic(). Date: Wed, 10 Apr 2024 10:10:15 -0700 Message-ID: <20240410171016.7621-2-kuniyu@amazon.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20240410171016.7621-1-kuniyu@amazon.com> References: <20240410171016.7621-1-kuniyu@amazon.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: EX19D046UWB001.ant.amazon.com (10.13.139.187) To EX19D004ANA001.ant.amazon.com (10.37.240.138) X-Patchwork-Delegate: kuba@kernel.org When we call recv() for AF_UNIX socket, we first peek one skb and calls manage_oob() to check if the skb is sent with MSG_OOB. However, when we fetch the next (and the following) skb, manage_oob() is not called now, leading a wrong behaviour. Let's say a socket send()s "hello" with MSG_OOB and the peer tries to recv() 5 bytes with MSG_PEEK. Here, we should get only "hell" without 'o', but actually not: >>> from socket import * >>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM) >>> c1.send(b'hello', MSG_OOB) 5 >>> c2.recv(5, MSG_PEEK) b'hello' The first skb fills 4 bytes, and the next skb is peeked but not properly checked by manage_oob(). Let's move up the again label to call manage_oob() for evry skb. With this patch: >>> from socket import * >>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM) >>> c1.send(b'hello', MSG_OOB) 5 >>> c2.recv(5, MSG_PEEK) b'hell' Fixes: 314001f0bf92 ("af_unix: Add OOB support") Signed-off-by: Kuniyuki Iwashima Reviewed-by: Rao shoaib --- net/unix/af_unix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index d032eb5fa6df..f297320438bf 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2741,6 +2741,7 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, last = skb = skb_peek(&sk->sk_receive_queue); last_len = last ? last->len : 0; +again: #if IS_ENABLED(CONFIG_AF_UNIX_OOB) if (skb) { skb = manage_oob(skb, sk, flags, copied); @@ -2752,7 +2753,6 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state, } } #endif -again: if (skb == NULL) { if (copied >= target) goto unlock;