From: Greg Kroah-Hartman Date: Tue, 2 Jun 2015 13:00:43 +0000 (+0900) Subject: 3.14-stable patches X-Git-Tag: v3.10.80~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ce923a5712f6284d76e1f3917761c42b5b8b2024;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: net-socket-fix-the-wrong-returns-for-recvmsg-and-sendmsg.patch --- diff --git a/queue-3.14/net-socket-fix-the-wrong-returns-for-recvmsg-and-sendmsg.patch b/queue-3.14/net-socket-fix-the-wrong-returns-for-recvmsg-and-sendmsg.patch new file mode 100644 index 00000000000..fc74e0c5239 --- /dev/null +++ b/queue-3.14/net-socket-fix-the-wrong-returns-for-recvmsg-and-sendmsg.patch @@ -0,0 +1,96 @@ +From zhengjunling@huawei.com Tue Jun 2 15:26:33 2015 +From: Junling Zheng +Date: Mon, 1 Jun 2015 09:28:00 +0000 +Subject: net: socket: Fix the wrong returns for recvmsg and sendmsg +To: +Cc: , , , , , +Message-ID: <1433150880-9976-1-git-send-email-zhengjunling@huawei.com> + +From: Junling Zheng + +Based on 08adb7dabd4874cc5666b4490653b26534702ce0 upstream. + +We found that after v3.10.73, recvmsg might return -EFAULT while -EINVAL +was expected. + +We tested it through the recvmsg01 testcase come from LTP testsuit. It set +msg->msg_namelen to -1 and the recvmsg syscall returned errno 14, which is +unexpected (errno 22 is expected): + +recvmsg01 4 TFAIL : invalid socket length ; returned -1 (expected -1), +errno 14 (expected 22) + +Linux mainline has no this bug for commit 08adb7dab fixes it accidentally. +However, it is too large and complex to be backported to LTS 3.10. + +Commit 281c9c36 (net: compat: Update get_compat_msghdr() to match +copy_msghdr_from_user() behaviour) made get_compat_msghdr() return +error if msg_sys->msg_namelen was negative, which changed the behaviors +of recvmsg and sendmsg syscall in a lib32 system: + +Before commit 281c9c36, get_compat_msghdr() wouldn't fail and it would +return -EINVAL in move_addr_to_user() or somewhere if msg_sys->msg_namelen +was invalid and then syscall returned -EINVAL, which is correct. + +And now, when msg_sys->msg_namelen is negative, get_compat_msghdr() will +fail and wants to return -EINVAL, however, the outer syscall will return +-EFAULT directly, which is unexpected. + +This patch gets the return value of get_compat_msghdr() as well as +copy_msghdr_from_user(), then returns this expected value if +get_compat_msghdr() fails. + +Fixes: 281c9c36 (net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour) +Signed-off-by: Junling Zheng +Signed-off-by: Hanbing Xu +Cc: Li Zefan +Cc: Al Viro +Cc: David Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/socket.c | 24 ++++++++++-------------- + 1 file changed, 10 insertions(+), 14 deletions(-) + +--- a/net/socket.c ++++ b/net/socket.c +@@ -2007,14 +2007,12 @@ static int ___sys_sendmsg(struct socket + int err, ctl_len, total_len; + + err = -EFAULT; +- if (MSG_CMSG_COMPAT & flags) { +- if (get_compat_msghdr(msg_sys, msg_compat)) +- return -EFAULT; +- } else { ++ if (MSG_CMSG_COMPAT & flags) ++ err = get_compat_msghdr(msg_sys, msg_compat); ++ else + err = copy_msghdr_from_user(msg_sys, msg); +- if (err) +- return err; +- } ++ if (err) ++ return err; + + if (msg_sys->msg_iovlen > UIO_FASTIOV) { + err = -EMSGSIZE; +@@ -2219,14 +2217,12 @@ static int ___sys_recvmsg(struct socket + struct sockaddr __user *uaddr; + int __user *uaddr_len; + +- if (MSG_CMSG_COMPAT & flags) { +- if (get_compat_msghdr(msg_sys, msg_compat)) +- return -EFAULT; +- } else { ++ if (MSG_CMSG_COMPAT & flags) ++ err = get_compat_msghdr(msg_sys, msg_compat); ++ else + err = copy_msghdr_from_user(msg_sys, msg); +- if (err) +- return err; +- } ++ if (err) ++ return err; + + if (msg_sys->msg_iovlen > UIO_FASTIOV) { + err = -EMSGSIZE; diff --git a/queue-3.14/series b/queue-3.14/series index dff17c84b7a..ba3d3f997a2 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -6,3 +6,4 @@ kernel-use-the-gnu89-standard-explicitly.patch qla2xxx-remove-redundant-declaration-in-qla_gbl.h.patch x86-fpu-disable-xsaves-support-for-now.patch kvm-mmu-fix-cr4.smep-1-cr0.wp-0-with-shadow-pages.patch +net-socket-fix-the-wrong-returns-for-recvmsg-and-sendmsg.patch