From 5a4552f3a6997794361daffafc0a3eba2759f45b Mon Sep 17 00:00:00 2001 From: Pengcheng Yang Date: Sun, 11 Jun 2023 19:23:48 +0800 Subject: [PATCH] bpf, sockmap: Fix data loss caused by using apply_bytes on ingress redirect stable inclusion from stable-v5.10.163 commit c58df40e3e67fd7603290b5dd24c47cdc1f9ef74 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6AVM6 CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c58df40e3e67fd7603290b5dd24c47cdc1f9ef74 -------------------------------- [ Upstream commit 9072931f020bfd907d6d89ee21ff1481cd78b407 ] Use apply_bytes on ingress redirect, when apply_bytes is less than the length of msg data, some data may be skipped and lost in bpf_tcp_ingress(). If there is still data in the scatterlist that has not been consumed, we cannot move the msg iter. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Signed-off-by: Pengcheng Yang Signed-off-by: Daniel Borkmann Acked-by: Jakub Sitnicki Link: https://lore.kernel.org/bpf/1669718441-2654-4-git-send-email-yangpc@wangsu.com Signed-off-by: Sasha Levin Signed-off-by: Wang Hai Signed-off-by: Liu Jian --- net/ipv4/tcp_bpf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index 8c2ea1aaef77..fd6fbf3d80a2 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -126,8 +126,11 @@ static int bpf_tcp_ingress(struct sock *sk, struct sk_psock *psock, tmp->sg.end = i; if (apply) { apply_bytes -= size; - if (!apply_bytes) + if (!apply_bytes) { + if (sge->length) + sk_msg_iter_var_prev(i); break; + } } } while (i != msg->sg.end); -- GitLab