All of lore.kernel.org
 help / color / mirror / Atom feed
* Fw: [Bug 214339] New: sendmsg return value may be positive while send errors
@ 2021-09-07 19:10 Stephen Hemminger
  2021-09-08 14:41 ` Willem de Bruijn
  0 siblings, 1 reply; 2+ messages in thread
From: Stephen Hemminger @ 2021-09-07 19:10 UTC (permalink / raw)
  To: netdev



Begin forwarded message:

Date: Tue, 07 Sep 2021 09:23:54 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 214339] New: sendmsg return value may be positive while send errors


https://bugzilla.kernel.org/show_bug.cgi?id=214339

            Bug ID: 214339
           Summary: sendmsg return value may be positive while send errors
           Product: Networking
           Version: 2.5
    Kernel Version: 4.9.99
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: IPV4
          Assignee: stephen@networkplumber.org
          Reporter: 1031265646@qq.com
        Regression: No

in file udp.c, a function named udp_sendmsg has a code like this:

        /* Lockless fast path for the non-corking case. */
        if (!corkreq) {
                skb = ip_make_skb(sk, fl4, getfrag, msg, ulen,
                                  sizeof(struct udphdr), &ipc, &rt,
                                  msg->msg_flags);
                err = PTR_ERR(skb);
                if (!IS_ERR_OR_NULL(skb))
                        err = udp_send_skb(skb, fl4);
                goto out;
        }

but function ip_make_skb may return a null, then err will be set to 0;and out
like this:

out:
        ip_rt_put(rt);
        if (free)
                kfree(ipc.opt);
        if (!err)
                return len;  // return a positive value

actually, because lock of kernel memory or socket_buffer,the ip_make_skb failed
means the send operation failed. but a positive value is returnd here.
finnally, users regard the operation was success, but actually it failed in
kernel.

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: Fw: [Bug 214339] New: sendmsg return value may be positive while send errors
  2021-09-07 19:10 Fw: [Bug 214339] New: sendmsg return value may be positive while send errors Stephen Hemminger
@ 2021-09-08 14:41 ` Willem de Bruijn
  0 siblings, 0 replies; 2+ messages in thread
From: Willem de Bruijn @ 2021-09-08 14:41 UTC (permalink / raw)
  To: Stephen Hemminger; +Cc: netdev

On Tue, Sep 7, 2021 at 3:11 PM Stephen Hemminger
<stephen@networkplumber.org> wrote:
>
>
>
> Begin forwarded message:
>
> Date: Tue, 07 Sep 2021 09:23:54 +0000
> From: bugzilla-daemon@bugzilla.kernel.org
> To: stephen@networkplumber.org
> Subject: [Bug 214339] New: sendmsg return value may be positive while send errors
>
>
> https://bugzilla.kernel.org/show_bug.cgi?id=214339
>
>             Bug ID: 214339
>            Summary: sendmsg return value may be positive while send errors
>            Product: Networking
>            Version: 2.5
>     Kernel Version: 4.9.99
>           Hardware: All
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: IPV4
>           Assignee: stephen@networkplumber.org
>           Reporter: 1031265646@qq.com
>         Regression: No
>
> in file udp.c, a function named udp_sendmsg has a code like this:
>
>         /* Lockless fast path for the non-corking case. */
>         if (!corkreq) {
>                 skb = ip_make_skb(sk, fl4, getfrag, msg, ulen,
>                                   sizeof(struct udphdr), &ipc, &rt,
>                                   msg->msg_flags);
>                 err = PTR_ERR(skb);
>                 if (!IS_ERR_OR_NULL(skb))
>                         err = udp_send_skb(skb, fl4);
>                 goto out;
>         }
>
> but function ip_make_skb may return a null, then err will be set to 0;and out
> like this:

ip_make_skb returns NULL on MSG_PROBE, as intended.

or if __ip_make_skb did not find an skb on __skb_dequeue(queue). But
this is not possible, as __ip_append_data either succeeds and enqueues
an skb or fails and makes ip_send_skb fail before reaching that code.

I don't see anything wrong here.

> out:
>         ip_rt_put(rt);
>         if (free)
>                 kfree(ipc.opt);
>         if (!err)
>                 return len;  // return a positive value
>
> actually, because lock of kernel memory or socket_buffer,

I don't follow this part. This operation runs without locks.

> the ip_make_skb failed
> means the send operation failed. but a positive value is returnd here.
> finnally, users regard the operation was success, but actually it failed in
> kernel.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-08 14:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-07 19:10 Fw: [Bug 214339] New: sendmsg return value may be positive while send errors Stephen Hemminger
2021-09-08 14:41 ` Willem de Bruijn

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.