From: Eric Dumazet <edumazet@google.com>
Date: Wed, 2 Mar 2022 16:17:23 +0000 (-0800)
Subject: tcp: make tcp_read_sock() more robust
X-Git-Tag: archive/raspbian/5.10.106-1+rpi1^2~17
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22%22/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22%22?a=commitdiff_plain;h=7e594234ade57d497be83efbed699b86250fc150;p=linux.git

tcp: make tcp_read_sock() more robust

Origin: https://git.kernel.org/linus/e3d5ea2c011ecb16fb94c56a659364e6b30fac94

If recv_actor() returns an incorrect value, tcp_read_sock()
might loop forever.

Instead, issue a one time warning and make sure to make progress.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Jakub Sitnicki <jakub@cloudflare.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/r/20220302161723.3910001-2-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tcp-make-tcp_read_sock-more-robust.patch
---

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 63c81af41b4..a3ec2a08027 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1652,11 +1652,13 @@ int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
 				if (!copied)
 					copied = used;
 				break;
-			} else if (used <= len) {
-				seq += used;
-				copied += used;
-				offset += used;
 			}
+			if (WARN_ON_ONCE(used > len))
+				used = len;
+			seq += used;
+			copied += used;
+			offset += used;
+
 			/* If recv_actor drops the lock (e.g. TCP splice
 			 * receive) the skb pointer might be invalid when
 			 * getting here: tcp_collapse might have deleted it