diff options
| author | John Fastabend <[email protected]> | 2023-09-25 20:52:59 -0700 |
|---|---|---|
| committer | Daniel Borkmann <[email protected]> | 2023-09-29 17:05:00 +0200 |
| commit | da9e915eaf5dadb1963b7738cdfa42ed55212445 (patch) | |
| tree | c95250c0a1aee1018969e987bcfd5f428119dff1 /lib/test_fortify/write_overflow-strncpy-src.c | |
| parent | 9b7177b1df64b8d7f85700027c324aadd6aded00 (diff) | |
bpf, sockmap: Do not inc copied_seq when PEEK flag set
When data is peek'd off the receive queue we shouldn't considered it
copied from tcp_sock side. When we increment copied_seq this will confuse
tcp_data_ready() because copied_seq can be arbitrarily increased. From
application side it results in poll() operations not waking up when
expected.
Notice tcp stack without BPF recvmsg programs also does not increment
copied_seq.
We broke this when we moved copied_seq into recvmsg to only update when
actual copy was happening. But, it wasn't working correctly either before
because the tcp_data_ready() tried to use the copied_seq value to see
if data was read by user yet. See fixes tags.
Fixes: e5c6de5fa0258 ("bpf, sockmap: Incorrectly handling copied_seq")
Fixes: 04919bed948dc ("tcp: Introduce tcp_read_skb()")
Signed-off-by: John Fastabend <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Reviewed-by: Jakub Sitnicki <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
Diffstat (limited to 'lib/test_fortify/write_overflow-strncpy-src.c')
0 files changed, 0 insertions, 0 deletions