hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a1.2
sst-linux/net/smc
History
Guangguan Wang f08f0d0392 net/smc: fix data error when recvmsg with MSG_PEEK flag 
[ Upstream commit a4b6539038c1aa1ae871aacf6e41b566c3613993 ]

When recvmsg with MSG_PEEK flag, the data will be copied to
user's buffer without advancing consume cursor and without
reducing the length of rx available data. Once the expected
peek length is larger than the value of bytes_to_rcv, in the
loop of do while in smc_rx_recvmsg, the first loop will copy
bytes_to_rcv bytes of data from the position local_tx_ctrl.cons,
the second loop will copy the min(bytes_to_rcv, read_remaining)
bytes from the position local_tx_ctrl.cons again because of the
lacking of process with advancing consume cursor and reducing
the length of available data. So do the subsequent loops. The
data copied in the second loop and the subsequent loops will
result in data error, as it should not be copied if no more data
arrives and it should be copied from the position advancing
bytes_to_rcv bytes from the local_tx_ctrl.cons if more data arrives.

This issue can be reproduce by the following python script:
server.py:
import socket
import time
server_ip = '0.0.0.0'
server_port = 12346
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.bind((server_ip, server_port))
server_socket.listen(1)
print('Server is running and listening for connections...')
conn, addr = server_socket.accept()
print('Connected by', addr)
while True:
    data = conn.recv(1024)
    if not data:
        break
    print('Received request:', data.decode())
    conn.sendall(b'Hello, client!\n')
    time.sleep(5)
    conn.sendall(b'Hello, again!\n')
conn.close()

client.py:
import socket
server_ip = '<server ip>'
server_port = 12346
resp=b'Hello, client!\nHello, again!\n'
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client_socket.connect((server_ip, server_port))
request = 'Hello, server!'
client_socket.sendall(request.encode())
peek_data = client_socket.recv(len(resp),
    socket.MSG_PEEK | socket.MSG_WAITALL)
print('Peeked data:', peek_data.decode())
client_socket.close()

Fixes: 952310ccf2 ("smc: receive data from RMBE")
Reported-by: D. Wythe <alibuda@linux.alibaba.com>
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Link: https://patch.msgid.link/20250104143201.35529-1-guangguan.wang@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-02-21 13:49:03 +01:00
..
af_smc.c net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-21 13:49:03 +01:00
Kconfig
Makefile
smc_cdc.c
smc_cdc.h
smc_clc.c net/smc: check return value of sock_recvmsg when draining clc data 2024-12-27 13:52:54 +01:00
smc_clc.h net/smc: check smcd_v2_ext_offset when receiving proposal msg 2024-12-27 13:52:54 +01:00
smc_close.c
smc_close.h
smc_core.c net/smc: protect link down work from execute after lgr freed 2024-12-27 13:52:53 +01:00
smc_core.h
smc_diag.c sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
smc_ib.c net/smc: fix neighbour and rtable leak in smc_ib_find_route() 2024-05-17 11:56:13 +02:00
smc_ib.h
smc_ism.c
smc_ism.h
smc_llc.c
smc_llc.h
smc_netlink.c
smc_netlink.h
smc_netns.h
smc_pnet.c net/smc: Fix searching in list of known pnetids in smc_pnet_add_pnetid 2024-11-01 01:55:59 +01:00
smc_pnet.h
smc_rx.c net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-21 13:49:03 +01:00
smc_rx.h net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-21 13:49:03 +01:00
smc_stats.c
smc_stats.h
smc_sysctl.c
smc_sysctl.h
smc_tracepoint.c
smc_tracepoint.h
smc_tx.c
smc_tx.h
smc_wr.c
smc_wr.h
smc.h