From patchwork Wed Jul  9 17:31:22 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ben Pfaff <blp@nicira.com>
X-Patchwork-Id: 368291
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 6DA29140114
	for <patchwork-incoming@ozlabs.org>;
	Thu, 10 Jul 2014 03:32:38 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755428AbaGIRce (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Wed, 9 Jul 2014 13:32:34 -0400
Received: from na3sys009aog128.obsmtp.com ([74.125.149.141]:41165 "HELO
	na3sys009aog128.obsmtp.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with SMTP id S1750951AbaGIRcd (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 9 Jul 2014 13:32:33 -0400
Received: from mail-vc0-f175.google.com ([209.85.220.175]) (using TLSv1) by
	na3sys009aob128.postini.com ([74.125.148.12]) with SMTP
	ID DSNKU718r2f+FbnVi5Xu/kpAHHCZygyYF5a3@postini.com;
	Wed, 09 Jul 2014 10:32:32 PDT
Received: by mail-vc0-f175.google.com with SMTP id hy4so7584060vcb.20
	for <netdev@vger.kernel.org>; Wed, 09 Jul 2014 10:32:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=Y+JMwsqb2L1N3p2Z0KtUTRVkMD/79rvO48vHC8Q3FyE=;
	b=DNKioipsFyTtV1vwUNG+U2/3QazvMOWHVpAuQ7PMRr/T8oqO7QbdA180q7c1aB2LL+
	Os4FFL/YbkGiOHpLwjmH7Gv540Hv5+woqsRqeiZfaphTNR8km4LKzDzE9cLx7YSqUxPt
	bIebki4F7jc4vIxEfmo9LVDSXBDTkVHcOvES5axIO2wVTS3EBlPHFFmmBoJjnXxRHD+V
	TD/VSBC1kbeg4HiYX8Aapur8wHNZ6/MFYCjCAS28vO/edlBkdTwrpbBfxPWf/cd7auhW
	L2zXXPhN/Y2z7mn+NFSXJ1S0REjnF0WXNNoB1Mo2wUFE1hmPOqhCnSy1Ieo+JQtL3Agp
	MjSg==
X-Gm-Message-State: 
 ALoCoQlar+/S/L4+gs4TF2bfLGLWMTQk44C8430ekq3hW72AIoflAMlrmKO9M94u8o51EzpH7mp59RUeWAa0fnnIC3BokmzH6GKSC1wyznVS350vzWZLIP3ka0m6iOfIGPKriIQox7Fj
X-Received: by 10.58.185.227 with SMTP id ff3mr1754902vec.45.1404927151918;
	Wed, 09 Jul 2014 10:32:31 -0700 (PDT)
X-Received: by 10.58.185.227 with SMTP id ff3mr1754889vec.45.1404927151784;
	Wed, 09 Jul 2014 10:32:31 -0700 (PDT)
Received: from sigsegv.eng.vmware.com. (benpfaff.org. [66.246.76.178])
	by mx.google.com with ESMTPSA id
	b10sm32683326qgf.7.2014.07.09.10.32.30 for <multiple recipients>
	(version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 09 Jul 2014 10:32:30 -0700 (PDT)
From: Ben Pfaff <blp@nicira.com>
To: netdev@vger.kernel.org
Cc: Ben Pfaff <blp@nicira.com>
Subject: [PATCH v2] netlink: Fix handling of error from netlink_dump().
Date: Wed,  9 Jul 2014 10:31:22 -0700
Message-Id: <1404927082-8647-1-git-send-email-blp@nicira.com>
X-Mailer: git-send-email 1.7.10.4
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

netlink_dump() returns a negative errno value on error.  Until now,
netlink_recvmsg() directly recorded that negative value in sk->sk_err, but
that's wrong since sk_err takes positive errno values.  (This manifests as
userspace receiving a positive return value from the recv() system call,
falsely indicating success.) This bug was introduced in the commit that
started checking the netlink_dump() return value, commit b44d211 (netlink:
handle errors from netlink_dump()).

Multithreaded Netlink dumps are one way to trigger this behavior in
practice, as described in the commit message for the userspace workaround
posted here:
    http://openvswitch.org/pipermail/dev/2014-June/042339.html

This commit also fixes the same bug in netlink_poll(), introduced in commit
cd1df525d (netlink: add flow control for memory mapped I/O).

Signed-off-by: Ben Pfaff <blp@nicira.com>
---
v1->v2: Fix same bug in another place, as requested by Dave Miller.

 net/netlink/af_netlink.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 15c731f..e6fac7e 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -636,7 +636,7 @@ static unsigned int netlink_poll(struct file *file, struct socket *sock,
 		while (nlk->cb_running && netlink_dump_space(nlk)) {
 			err = netlink_dump(sk);
 			if (err < 0) {
-				sk->sk_err = err;
+				sk->sk_err = -err;
 				sk->sk_error_report(sk);
 				break;
 			}
@@ -2483,7 +2483,7 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
 	    atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) {
 		ret = netlink_dump(sk);
 		if (ret) {
-			sk->sk_err = ret;
+			sk->sk_err = -ret;
 			sk->sk_error_report(sk);
 		}
 	}