diff mbox

[net] sock: fix sendmmsg for partial sendmsg

Message ID 1478288209-30893-1-git-send-email-soheil.kdev@gmail.com
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Soheil Hassas Yeganeh Nov. 4, 2016, 7:36 p.m. UTC
From: Soheil Hassas Yeganeh <soheil@google.com>

Do not send the next message in sendmmsg for partial sendmsg
invocations.

sendmmsg assumes that it can continue sending the next message
when the return value of the individual sendmsg invocations
is positive. It results in corrupting the data for TCP,
SCTP, and UNIX streams.

For example, sendmmsg([["abcd"], ["efgh"]]) can result in a stream
of "aefgh" if the first sendmsg invocation sends only the first
byte while the second sendmsg goes through.

Datagram sockets either send the entire datagram or fail, so
this patch affects only sockets of type SOCK_STREAM and
SOCK_SEQPACKET.

Fixes: 228e548e6020 ("net: Add sendmmsg socket system call")
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
---
 net/socket.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Maciej Żenczykowski Nov. 5, 2016, 3:10 a.m. UTC | #1
Acked-by: Maciej Żenczykowski <maze@google.com>
David Miller Nov. 9, 2016, 6:18 p.m. UTC | #2
From: Soheil Hassas Yeganeh <soheil.kdev@gmail.com>
Date: Fri,  4 Nov 2016 15:36:49 -0400

> From: Soheil Hassas Yeganeh <soheil@google.com>
> 
> Do not send the next message in sendmmsg for partial sendmsg
> invocations.
> 
> sendmmsg assumes that it can continue sending the next message
> when the return value of the individual sendmsg invocations
> is positive. It results in corrupting the data for TCP,
> SCTP, and UNIX streams.
> 
> For example, sendmmsg([["abcd"], ["efgh"]]) can result in a stream
> of "aefgh" if the first sendmsg invocation sends only the first
> byte while the second sendmsg goes through.
> 
> Datagram sockets either send the entire datagram or fail, so
> this patch affects only sockets of type SOCK_STREAM and
> SOCK_SEQPACKET.
> 
> Fixes: 228e548e6020 ("net: Add sendmmsg socket system call")
> Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Signed-off-by: Willem de Bruijn <willemb@google.com>
> Signed-off-by: Neal Cardwell <ncardwell@google.com>

Applied and queued up for -stable, thanks.
diff mbox

Patch

diff --git a/net/socket.c b/net/socket.c
index 5a9bf5e..272518b 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2038,6 +2038,8 @@  int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
 		if (err)
 			break;
 		++datagrams;
+		if (msg_data_left(&msg_sys))
+			break;
 		cond_resched();
 	}