linux-yocto/net/rxrpc
David Howells ae4f899894 rxrpc: Fix ability to add more data to a call once MSG_MORE deasserted
When userspace is adding data to an RPC call for transmission, it must pass
MSG_MORE to sendmsg() if it intends to add more data in future calls to
sendmsg().  Calling sendmsg() without MSG_MORE being asserted closes the
transmission phase of the call (assuming sendmsg() adds all the data
presented) and further attempts to add more data should be rejected.

However, this is no longer the case.  The change of call state that was
previously the guard got bumped over to the I/O thread, which leaves a
window for a repeat sendmsg() to insert more data.  This previously went
unnoticed, but the more recent patch that changed the structures behind the
Tx queue added a warning:

        WARNING: CPU: 3 PID: 6639 at net/rxrpc/sendmsg.c:296 rxrpc_send_data+0x3f2/0x860

and rejected the additional data, returning error EPROTO.

Fix this by adding a guard flag to the call, setting the flag when we queue
the final packet and then rejecting further attempts to add data with
EPROTO.

Fixes: 2d689424b6 ("rxrpc: Move call state changes from sendmsg to I/O thread")
Reported-by: syzbot+ff11be94dfcd7a5af8da@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/r/6757fb68.050a0220.2477f.005f.GAE@google.com/
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: syzbot+ff11be94dfcd7a5af8da@syzkaller.appspotmail.com
cc: Marc Dionne <marc.dionne@auristor.com>
cc: linux-afs@lists.infradead.org
Link: https://patch.msgid.link/2870480.1734037462@warthog.procyon.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-12-16 18:06:59 -08:00
..
af_rxrpc.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
ar-internal.h rxrpc: Fix ability to add more data to a call once MSG_MORE deasserted 2024-12-16 18:06:59 -08:00
call_accept.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
call_event.c rxrpc: Implement RACK/TLP to deal with transmission stalls [RFC8985] 2024-12-09 13:48:33 -08:00
call_object.c rxrpc: Implement RACK/TLP to deal with transmission stalls [RFC8985] 2024-12-09 13:48:33 -08:00
call_state.c rxrpc: Move client call connection to the I/O thread 2023-01-06 09:43:33 +00:00
conn_client.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
conn_event.c rxrpc: Add a reason indicator to the tx_ack tracepoint 2024-12-09 13:48:32 -08:00
conn_object.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
conn_service.c rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() 2023-12-24 15:22:49 +00:00
input_rack.c rxrpc: Implement RACK/TLP to deal with transmission stalls [RFC8985] 2024-12-09 13:48:33 -08:00
input.c rxrpc: Implement RACK/TLP to deal with transmission stalls [RFC8985] 2024-12-09 13:48:33 -08:00
insecure.c rxrpc: Prepare to be able to send jumbo DATA packets 2024-12-09 13:48:26 -08:00
io_thread.c rxrpc: Disable IRQ, not BH, to take the lock for ->attend_link 2024-12-16 18:06:23 -08:00
Kconfig rxrpc: Allow a delay to be injected into packet reception 2023-01-31 16:38:09 +00:00
key.c rxrpc: Fix error when reading rxrpc tokens 2023-04-23 13:38:28 +01:00
local_event.c rxrpc: Truncate UTS_RELEASE for rxrpc version 2023-05-30 10:01:06 +02:00
local_object.c rxrpc: Don't use received skbuff timestamps 2024-12-09 13:48:29 -08:00
Makefile rxrpc: Implement RACK/TLP to deal with transmission stalls [RFC8985] 2024-12-09 13:48:33 -08:00
misc.c rxrpc: Implement path-MTU probing using padded PING ACKs (RFC8899) 2024-12-09 13:48:25 -08:00
net_ns.c rxrpc: Create a procfile to display outstanding client conn bundles 2023-12-24 15:22:56 +00:00
output.c rxrpc: Implement RACK/TLP to deal with transmission stalls [RFC8985] 2024-12-09 13:48:33 -08:00
peer_event.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
peer_object.c rxrpc: Manage RTT per-call rather than per-peer 2024-12-09 13:48:32 -08:00
proc.c rxrpc: Manage RTT per-call rather than per-peer 2024-12-09 13:48:32 -08:00
protocol.h rxrpc: Implement path-MTU probing using padded PING ACKs (RFC8899) 2024-12-09 13:48:25 -08:00
recvmsg.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
rtt.c rxrpc: Manage RTT per-call rather than per-peer 2024-12-09 13:48:32 -08:00
rxkad.c rxrpc: Prepare to be able to send jumbo DATA packets 2024-12-09 13:48:26 -08:00
rxperf.c rxrpc: Use umin() and umax() rather than min_t()/max_t() where possible 2024-12-09 13:48:23 -08:00
security.c rxrpc: Use irq-disabling spinlocks between app and I/O thread 2024-12-09 13:48:31 -08:00
sendmsg.c rxrpc: Fix ability to add more data to a call once MSG_MORE deasserted 2024-12-16 18:06:59 -08:00
server_key.c rxrpc: Implement an in-kernel rxperf server for testing purposes 2022-12-01 13:36:37 +00:00
skbuff.c rxrpc: Use consume_skb() rather than kfree_skb_reason() 2023-02-07 23:11:20 +00:00
sysctl.c rxrpc: Implement path-MTU probing using padded PING ACKs (RFC8899) 2024-12-09 13:48:25 -08:00
txbuf.c rxrpc: Don't allocate a txbuf for an ACK transmission 2024-12-09 13:48:31 -08:00
utils.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00