2021-06-08 06:30:58

by Zheng Yongjun

[permalink] [raw]
Subject: [PATCH v4] ping: Check return value of function 'ping_queue_rcv_skb'

Function 'ping_queue_rcv_skb' not always return success, which will
also return fail. If not check the wrong return value of it, lead
to function `ping_rcv` return success.

Signed-off-by: Zheng Yongjun <[email protected]>
---
v2:
- use rc as return value to make code look cleaner
v3:
- delete unnecessary braces {}
v4:
- put variable 'rc' declaration at the beginning of function

net/ipv4/ping.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index 1c9f71a37258..f01cde4fe08b 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -954,6 +954,7 @@ bool ping_rcv(struct sk_buff *skb)
struct sock *sk;
struct net *net = dev_net(skb->dev);
struct icmphdr *icmph = icmp_hdr(skb);
+ bool rc = false;

/* We assume the packet has already been checked by icmp_rcv */

@@ -968,14 +969,13 @@ bool ping_rcv(struct sk_buff *skb)
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);

pr_debug("rcv on socket %p\n", sk);
- if (skb2)
- ping_queue_rcv_skb(sk, skb2);
+ if (skb2 && !ping_queue_rcv_skb(sk, skb2))
+ rc = true;
sock_put(sk);
- return true;
}
pr_debug("no socket, dropping\n");

- return false;
+ return rc;
}
EXPORT_SYMBOL_GPL(ping_rcv);

--
2.25.1


2021-06-09 16:56:51

by David Miller

[permalink] [raw]
Subject: Re: [PATCH v4] ping: Check return value of function 'ping_queue_rcv_skb'

From: Zheng Yongjun <[email protected]>
Date: Tue, 8 Jun 2021 14:42:46 +0800

> --- a/net/ipv4/ping.c
> +++ b/net/ipv4/ping.c
> @@ -954,6 +954,7 @@ bool ping_rcv(struct sk_buff *skb)
> struct sock *sk;
> struct net *net = dev_net(skb->dev);
> struct icmphdr *icmph = icmp_hdr(skb);
> + bool rc = false;
>
> /* We assume the packet has already been checked by icmp_rcv */
>
> @@ -968,14 +969,13 @@ bool ping_rcv(struct sk_buff *skb)
> struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
>
> pr_debug("rcv on socket %p\n", sk);
> - if (skb2)
> - ping_queue_rcv_skb(sk, skb2);
> + if (skb2 && !ping_queue_rcv_skb(sk, skb2))
> + rc = true;
> sock_put(sk);
> - return true;
> }
> pr_debug("no socket, dropping\n");
>
> - return false;
> + return rc;

YOu have chsanged the control flowe in a way that this pr_debug() can be inaccurate.
It can print when we did find a socket.

Please fix this.

Thank you.