* Fw: [Bug 214339] New: sendmsg return value may be positive while send errors
@ 2021-09-07 19:10 Stephen Hemminger
2021-09-08 14:41 ` Willem de Bruijn
0 siblings, 1 reply; 2+ messages in thread
From: Stephen Hemminger @ 2021-09-07 19:10 UTC (permalink / raw)
To: netdev
Begin forwarded message:
Date: Tue, 07 Sep 2021 09:23:54 +0000
From: bugzilla-daemon@bugzilla.kernel.org
To: stephen@networkplumber.org
Subject: [Bug 214339] New: sendmsg return value may be positive while send errors
https://bugzilla.kernel.org/show_bug.cgi?id=214339
Bug ID: 214339
Summary: sendmsg return value may be positive while send errors
Product: Networking
Version: 2.5
Kernel Version: 4.9.99
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: IPV4
Assignee: stephen@networkplumber.org
Reporter: 1031265646@qq.com
Regression: No
in file udp.c, a function named udp_sendmsg has a code like this:
/* Lockless fast path for the non-corking case. */
if (!corkreq) {
skb = ip_make_skb(sk, fl4, getfrag, msg, ulen,
sizeof(struct udphdr), &ipc, &rt,
msg->msg_flags);
err = PTR_ERR(skb);
if (!IS_ERR_OR_NULL(skb))
err = udp_send_skb(skb, fl4);
goto out;
}
but function ip_make_skb may return a null, then err will be set to 0;and out
like this:
out:
ip_rt_put(rt);
if (free)
kfree(ipc.opt);
if (!err)
return len; // return a positive value
actually, because lock of kernel memory or socket_buffer,the ip_make_skb failed
means the send operation failed. but a positive value is returnd here.
finnally, users regard the operation was success, but actually it failed in
kernel.
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Fw: [Bug 214339] New: sendmsg return value may be positive while send errors
2021-09-07 19:10 Fw: [Bug 214339] New: sendmsg return value may be positive while send errors Stephen Hemminger
@ 2021-09-08 14:41 ` Willem de Bruijn
0 siblings, 0 replies; 2+ messages in thread
From: Willem de Bruijn @ 2021-09-08 14:41 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: netdev
On Tue, Sep 7, 2021 at 3:11 PM Stephen Hemminger
<stephen@networkplumber.org> wrote:
>
>
>
> Begin forwarded message:
>
> Date: Tue, 07 Sep 2021 09:23:54 +0000
> From: bugzilla-daemon@bugzilla.kernel.org
> To: stephen@networkplumber.org
> Subject: [Bug 214339] New: sendmsg return value may be positive while send errors
>
>
> https://bugzilla.kernel.org/show_bug.cgi?id=214339
>
> Bug ID: 214339
> Summary: sendmsg return value may be positive while send errors
> Product: Networking
> Version: 2.5
> Kernel Version: 4.9.99
> Hardware: All
> OS: Linux
> Tree: Mainline
> Status: NEW
> Severity: normal
> Priority: P1
> Component: IPV4
> Assignee: stephen@networkplumber.org
> Reporter: 1031265646@qq.com
> Regression: No
>
> in file udp.c, a function named udp_sendmsg has a code like this:
>
> /* Lockless fast path for the non-corking case. */
> if (!corkreq) {
> skb = ip_make_skb(sk, fl4, getfrag, msg, ulen,
> sizeof(struct udphdr), &ipc, &rt,
> msg->msg_flags);
> err = PTR_ERR(skb);
> if (!IS_ERR_OR_NULL(skb))
> err = udp_send_skb(skb, fl4);
> goto out;
> }
>
> but function ip_make_skb may return a null, then err will be set to 0;and out
> like this:
ip_make_skb returns NULL on MSG_PROBE, as intended.
or if __ip_make_skb did not find an skb on __skb_dequeue(queue). But
this is not possible, as __ip_append_data either succeeds and enqueues
an skb or fails and makes ip_send_skb fail before reaching that code.
I don't see anything wrong here.
> out:
> ip_rt_put(rt);
> if (free)
> kfree(ipc.opt);
> if (!err)
> return len; // return a positive value
>
> actually, because lock of kernel memory or socket_buffer,
I don't follow this part. This operation runs without locks.
> the ip_make_skb failed
> means the send operation failed. but a positive value is returnd here.
> finnally, users regard the operation was success, but actually it failed in
> kernel.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-08 14:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-07 19:10 Fw: [Bug 214339] New: sendmsg return value may be positive while send errors Stephen Hemminger
2021-09-08 14:41 ` Willem de Bruijn
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.