Commit c570ec2f authored by Eric Dumazet's avatar Eric Dumazet Committed by Willy Tarreau

udp: fix behavior of wrong checksums

commit beb39db5 upstream.

We have two problems in UDP stack related to bogus checksums :

1) We return -EAGAIN to application even if receive queue is not empty.
   This breaks applications using edge trigger epoll()

2) Under UDP flood, we can loop forever without yielding to other
   processes, potentially hanging the host, especially on non SMP.

This patch is an attempt to make things better.

We might in the future add extra support for rt applications
wanting to better control time spent doing a recv() in a hostile
environment. For example we could validate checksums before queuing
packets in socket receive queue.
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>

CVE-2015-5364
CVE-2015-5366
Signed-off-by: default avatarWilly Tarreau <w@1wt.eu>
parent 791299da
...@@ -1016,10 +1016,8 @@ int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, ...@@ -1016,10 +1016,8 @@ int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
release_sock(sk); release_sock(sk);
if (noblock) /* starting over for a new packet, but check if we need to yield */
return -EAGAIN; cond_resched();
/* starting over for a new packet */
msg->msg_flags &= ~MSG_TRUNC; msg->msg_flags &= ~MSG_TRUNC;
goto try_again; goto try_again;
} }
......
...@@ -301,10 +301,8 @@ int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk, ...@@ -301,10 +301,8 @@ int udpv6_recvmsg(struct kiocb *iocb, struct sock *sk,
} }
release_sock(sk); release_sock(sk);
if (noblock) /* starting over for a new packet, but check if we need to yield */
return -EAGAIN; cond_resched();
/* starting over for a new packet */
msg->msg_flags &= ~MSG_TRUNC; msg->msg_flags &= ~MSG_TRUNC;
goto try_again; goto try_again;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment