Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1771524imm; Thu, 27 Sep 2018 02:11:00 -0700 (PDT) X-Google-Smtp-Source: ACcGV63OhufvDB+McYg1g7D0ori3EKxU+OX8dg0djrI2aqYHTSQbBXDKjdCGeb3GAhbbizGD4gT6 X-Received: by 2002:a62:3a43:: with SMTP id h64-v6mr10294923pfa.119.1538039460112; Thu, 27 Sep 2018 02:11:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538039460; cv=none; d=google.com; s=arc-20160816; b=kkgbgzQozMQ+pXXt0pIq0JJiSrpyTZtNBiqgC8ur6bOsErbJeRZHEnFf7Uz+38UCm0 IL7wjMcJ/oh4mo5fOe52Ayw4UkLj3VQT+WlTUoPBTAKRRXTYVPSUqGUWoeeCBaUxYdHu sUSJ7+ng3NFHFJ/me0ETidcw5bA7tuU9zm0Lp4tp9ZZAhcLWRnd+vdW5r+ylaP4waWrN 4f1F2HmQSkZY4C04iL6T5RoPTuk+JZgtWkiCR3ojvQU2cAQVR9uBp290egVQLXgv+0Ls qbqimTrIiIT2+5rqssxC4Pd0ByYObrSptiLITKA9Egx0yyDy5jaTErxD/TvuTLZX6RBq tV0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=kcfQXEACWSCMxsunw6tr2ql7NyC/z9uViSnP7IJTM/0=; b=xFAojMoa5sxkj1DPkX8eQxCvaINlTAoupGalKVE4ml2BW4XJw35ohqnlwyTlaTXMvB uIpHbfUVsGjTsOD3L0KgxSBXYdvP7EGJQvtvd/pGclgXNXp3kp+PG21FtAvJaU9TZ0Kv CXGPd1KcRPql21Mt8b4mour/mhoyCXLD5sZRU1kJSPR9vbbf4BcStM4uf6WqcNQDQk6D sCcU239Ljc3TMypsXS5+ic07GyWLYX7nacLjtWxdKLAfEMgrZmANqNL/RwtpNIE5JkfM 0dAUg+Gn3g0vafu0Xv5JUhmctZ9Fz9LPKE1j/i70zy0IoZAVioAI6JC2BXdC+W2XAIq9 HZow== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n72-v6si1656294pfk.14.2018.09.27.02.10.45; Thu, 27 Sep 2018 02:11:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728322AbeI0P1B (ORCPT + 99 others); Thu, 27 Sep 2018 11:27:01 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:55082 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727634AbeI0P1A (ORCPT ); Thu, 27 Sep 2018 11:27:00 -0400 Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 0647710A4; Thu, 27 Sep 2018 09:09:44 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jianlin Shi , Xin Long , Paolo Abeni , "David S. Miller" Subject: [PATCH 4.18 12/88] udp6: add missing checks on edumux packet processing Date: Thu, 27 Sep 2018 11:02:53 +0200 Message-Id: <20180927090302.018546413@linuxfoundation.org> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180927090300.631426620@linuxfoundation.org> References: <20180927090300.631426620@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Paolo Abeni [ Upstream commit eb63f2964dbe36f26deac77d3016791675821ded ] Currently the UDPv6 early demux rx code path lacks some mandatory checks, already implemented into the normal RX code path - namely the checksum conversion and no_check6_rx check. Similar to the previous commit, we move the common processing to an UDPv6 specific helper and call it from both edemux code path and normal code path. In respect to the UDPv4, we need to add an explicit check for non zero csum according to no_check6_rx value. Reported-by: Jianlin Shi Suggested-by: Xin Long Fixes: c9f2c1ae123a ("udp6: fix socket leak on early demux") Fixes: 2abb7cdc0dc8 ("udp: Add support for doing checksum unnecessary conversion") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv6/udp.c | 65 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 28 deletions(-) --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -748,6 +748,28 @@ static void udp6_sk_rx_dst_set(struct so } } +/* wrapper for udp_queue_rcv_skb tacking care of csum conversion and + * return code conversion for ip layer consumption + */ +static int udp6_unicast_rcv_skb(struct sock *sk, struct sk_buff *skb, + struct udphdr *uh) +{ + int ret; + + if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk)) + skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check, + ip6_compute_pseudo); + + ret = udpv6_queue_rcv_skb(sk, skb); + + /* a return value > 0 means to resubmit the input, but + * it wants the return to be -protocol, or 0 + */ + if (ret > 0) + return -ret; + return 0; +} + int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, int proto) { @@ -799,13 +821,14 @@ int __udp6_lib_rcv(struct sk_buff *skb, if (unlikely(sk->sk_rx_dst != dst)) udp6_sk_rx_dst_set(sk, dst); - ret = udpv6_queue_rcv_skb(sk, skb); - sock_put(sk); + if (!uh->check && !udp_sk(sk)->no_check6_rx) { + sock_put(sk); + goto report_csum_error; + } - /* a return value > 0 means to resubmit the input */ - if (ret > 0) - return ret; - return 0; + ret = udp6_unicast_rcv_skb(sk, skb, uh); + sock_put(sk); + return ret; } /* @@ -818,30 +841,13 @@ int __udp6_lib_rcv(struct sk_buff *skb, /* Unicast */ sk = __udp6_lib_lookup_skb(skb, uh->source, uh->dest, udptable); if (sk) { - int ret; - - if (!uh->check && !udp_sk(sk)->no_check6_rx) { - udp6_csum_zero_error(skb); - goto csum_error; - } - - if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk)) - skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check, - ip6_compute_pseudo); - - ret = udpv6_queue_rcv_skb(sk, skb); - - /* a return value > 0 means to resubmit the input */ - if (ret > 0) - return ret; - - return 0; + if (!uh->check && !udp_sk(sk)->no_check6_rx) + goto report_csum_error; + return udp6_unicast_rcv_skb(sk, skb, uh); } - if (!uh->check) { - udp6_csum_zero_error(skb); - goto csum_error; - } + if (!uh->check) + goto report_csum_error; if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard; @@ -862,6 +868,9 @@ short_packet: ulen, skb->len, daddr, ntohs(uh->dest)); goto discard; + +report_csum_error: + udp6_csum_zero_error(skb); csum_error: __UDP6_INC_STATS(net, UDP_MIB_CSUMERRORS, proto == IPPROTO_UDPLITE); discard: