ip: fix error queue empty skb handling

When reading from the error queue, msg_name and msg_control are only populated for some errors. A new exception for empty timestamp skbs added a false positive on icmp errors without payload. `traceroute -M udpconn` only displayed gateways that return payload with the icmp error: the embedded network headers are pulled before sock_queue_err_skb, leaving an skb with skb->len == 0 otherwise. Fix this regression by refining when msg_name and msg_control branches are taken. The solutions for the two fields are independent. msg_name only makes sense for errors that configure serr->port and serr->addr_offset. Test the first instead of skb->len. This also fixes another issue. saddr could hold the wrong data, as serr->addr_offset is not initialized in some code paths, pointing to the start of the network header. It is only valid when serr->port is set (non-zero). msg_control support differs between IPv4 and IPv6. IPv4 only honors requests for ICMP and timestamps with SOF_TIMESTAMPING_OPT_CMSG. The skb->len test can simply be removed, because skb->dev is also tested and never true for empty skbs. IPv6 honors requests for all errors aside from local errors and timestamps on empty skbs. In both cases, make the policy more explicit by moving this logic to a new function that decides whether to process msg_control and that optionally prepares the necessary fields in skb->cb[]. After this change, the IPv4 and IPv6 paths are more similar. The last case is rxrpc. Here, simply refine to only match timestamps. Fixes: 49ca0d8bfaf3 ("net-timestamp: no-payload option") Reported-by: Jan Niehusmann <jan@gondor.com> Signed-off-by: Willem de Bruijn <willemb@google.com> ---- Changes v1->v2 - fix local origin test inversion in ip6_datagram_support_cmsg - make v4 and v6 code paths more similar by introducing analogous ipv4_datagram_support_cmsg - fix compile bug in rxrpc Signed-off-by: David S. Miller <davem@davemloft.net>
author: Willem de Bruijn <willemb@google.com> 2015-03-07 20:33:22 -0500
committer: David S. Miller <davem@davemloft.net> 2015-03-08 23:01:54 -0400
commit: c247f0534cc5a5a547a343903f42295a471844e2 (patch)
tree: b823df3d0814df0227bcb0f049ccc6569c36f843
parent: 8edfe3b6fad28da191c8fa15e4e0d8f7335a0091 (diff)
3 files changed, 53 insertions, 23 deletions
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 31d8c71986b4..5cd99271d3a6 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -432,17 +432,32 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
                kfree_skb(skb);
 }
-static bool ipv4_pktinfo_prepare_errqueue(const struct sock *sk,
+/* IPv4 supports cmsg on all imcp errors and some timestamps
-                                          const struct sk_buff *skb,
+ *
-                                          int ee_origin)
+ * Timestamp code paths do not initialize the fields expected by cmsg:
+ * the PKTINFO fields in skb->cb[]. Fill those in here.
+ */
+static bool ipv4_datagram_support_cmsg(const struct sock *sk,
+                                       struct sk_buff *skb,
+                                       int ee_origin)
 {
-        struct in_pktinfo *info = PKTINFO_SKB_CB(skb);
+        struct in_pktinfo *info;
+        if (ee_origin == SO_EE_ORIGIN_ICMP)
+                return true;
-        if ((ee_origin != SO_EE_ORIGIN_TIMESTAMPING) ||
+        if (ee_origin == SO_EE_ORIGIN_LOCAL)
-            (!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) ||
+                return false;
+        /* Support IP_PKTINFO on tstamp packets if requested, to correlate
+         * timestamp with egress dev. Not possible for packets without dev
+         * or without payload (SOF_TIMESTAMPING_OPT_TSONLY).
+         */
+        if ((!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) ||
            (!skb->dev))
                return false;
+        info = PKTINFO_SKB_CB(skb);
        info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr;
        info->ipi_ifindex = skb->dev->ifindex;
        return true;
@@ -483,7 +498,7 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
        serr = SKB_EXT_ERR(skb);
-        if (sin && skb->len) {
+        if (sin && serr->port) {
                sin->sin_family = AF_INET;
                sin->sin_addr.s_addr = *(__be32 *)(skb_network_header(skb) +
                                                   serr->addr_offset);
@@ -496,9 +511,7 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
        sin = &errhdr.offender;
        memset(sin, 0, sizeof(*sin));
-        if (skb->len &&
+        if (ipv4_datagram_support_cmsg(sk, skb, serr->ee.ee_origin)) {
-            (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
-             ipv4_pktinfo_prepare_errqueue(sk, skb, serr->ee.ee_origin))) {
                sin->sin_family = AF_INET;
                sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
                if (inet_sk(sk)->cmsg_flags)
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index c215be70cac0..ace8daca5c83 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -325,14 +325,34 @@ void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu)
        kfree_skb(skb);
 }
-static void ip6_datagram_prepare_pktinfo_errqueue(struct sk_buff *skb)
+/* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL.
+ *
+ * At one point, excluding local errors was a quick test to identify icmp/icmp6
+ * errors. This is no longer true, but the test remained, so the v6 stack,
+ * unlike v4, also honors cmsg requests on all wifi and timestamp errors.
+ *
+ * Timestamp code paths do not initialize the fields expected by cmsg:
+ * the PKTINFO fields in skb->cb[]. Fill those in here.
+ */
+static bool ip6_datagram_support_cmsg(struct sk_buff *skb,
+                                      struct sock_exterr_skb *serr)
 {
-        int ifindex = skb->dev ? skb->dev->ifindex : -1;
+        if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP ||
+            serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6)
+                return true;
+        if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL)
+                return false;
+        if (!skb->dev)
+                return false;
        if (skb->protocol == htons(ETH_P_IPV6))
-                IP6CB(skb)->iif = ifindex;
+                IP6CB(skb)->iif = skb->dev->ifindex;
        else
-                PKTINFO_SKB_CB(skb)->ipi_ifindex = ifindex;
+                PKTINFO_SKB_CB(skb)->ipi_ifindex = skb->dev->ifindex;
+        return true;
 }
 /*
@@ -369,7 +389,7 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
        serr = SKB_EXT_ERR(skb);
-        if (sin && skb->len) {
+        if (sin && serr->port) {
                const unsigned char *nh = skb_network_header(skb);
                sin->sin6_family = AF_INET6;
                sin->sin6_flowinfo = 0;
@@ -394,14 +414,11 @@ int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
        memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
        sin = &errhdr.offender;
        memset(sin, 0, sizeof(*sin));
-        if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL && skb->len) {
+        if (ip6_datagram_support_cmsg(skb, serr)) {
                sin->sin6_family = AF_INET6;
-                if (np->rxopt.all) {
+                if (np->rxopt.all)
-                        if (serr->ee.ee_origin != SO_EE_ORIGIN_ICMP &&
-                            serr->ee.ee_origin != SO_EE_ORIGIN_ICMP6)
-                                ip6_datagram_prepare_pktinfo_errqueue(skb);
                        ip6_datagram_recv_common_ctl(sk, msg, skb);
-                }
                if (skb->protocol == htons(ETH_P_IPV6)) {
                        sin->sin6_addr = ipv6_hdr(skb)->saddr;
                        if (np->rxopt.all)
diff --git a/net/rxrpc/ar-error.c b/net/rxrpc/ar-error.c
index 5394b6be46ec..0610efa83d72 100644
--- a/net/rxrpc/ar-error.c
+++ b/net/rxrpc/ar-error.c
@@ -42,7 +42,8 @@ void rxrpc_UDP_error_report(struct sock *sk)
                _leave("UDP socket errqueue empty");
                return;
        }
-        if (!skb->len) {
+        serr = SKB_EXT_ERR(skb);
+        if (!skb->len && serr->ee.ee_origin == SO_EE_ORIGIN_TIMESTAMPING) {
                _leave("UDP empty message");
                kfree_skb(skb);
                return;
@@ -50,7 +51,6 @@ void rxrpc_UDP_error_report(struct sock *sk)
        rxrpc_new_skb(skb);
-        serr = SKB_EXT_ERR(skb);
        addr = *(__be32 *)(skb_network_header(skb) + serr->addr_offset);
        port = serr->port;
author	Willem de Bruijn <willemb@google.com>	2015-03-07 20:33:22 -0500
committer	David S. Miller <davem@davemloft.net>	2015-03-08 23:01:54 -0400
commit	c247f0534cc5a5a547a343903f42295a471844e2 (patch)
tree	b823df3d0814df0227bcb0f049ccc6569c36f843
parent	8edfe3b6fad28da191c8fa15e4e0d8f7335a0091 (diff)

diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 31d8c71986b4..5cd99271d3a6 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c
@@ -432,17 +432,32 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
432	kfree_skb(skb);	432	kfree_skb(skb);
433	}	433	}
434		434
435	static bool ipv4_pktinfo_prepare_errqueue(const struct sock *sk,	435	/* IPv4 supports cmsg on all imcp errors and some timestamps
436	const struct sk_buff *skb,	436	*
437	int ee_origin)	437	* Timestamp code paths do not initialize the fields expected by cmsg:
		438	* the PKTINFO fields in skb->cb[]. Fill those in here.
		439	*/
		440	static bool ipv4_datagram_support_cmsg(const struct sock *sk,
		441	struct sk_buff *skb,
		442	int ee_origin)
438	{	443	{
439	struct in_pktinfo *info = PKTINFO_SKB_CB(skb);	444	struct in_pktinfo *info;
		445
		446	if (ee_origin == SO_EE_ORIGIN_ICMP)
		447	return true;
440		448
441	if ((ee_origin != SO_EE_ORIGIN_TIMESTAMPING) \|\|	449	if (ee_origin == SO_EE_ORIGIN_LOCAL)
442	(!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) \|\|	450	return false;
		451
		452	/* Support IP_PKTINFO on tstamp packets if requested, to correlate
		453	* timestamp with egress dev. Not possible for packets without dev
		454	* or without payload (SOF_TIMESTAMPING_OPT_TSONLY).
		455	*/
		456	if ((!(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_CMSG)) \|\|
443	(!skb->dev))	457	(!skb->dev))
444	return false;	458	return false;
445		459
		460	info = PKTINFO_SKB_CB(skb);
446	info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr;	461	info->ipi_spec_dst.s_addr = ip_hdr(skb)->saddr;
447	info->ipi_ifindex = skb->dev->ifindex;	462	info->ipi_ifindex = skb->dev->ifindex;
448	return true;	463	return true;
@@ -483,7 +498,7 @@ int ip_recv_error(struct sock sk, struct msghdr msg, int len, int *addr_len)
483		498
484	serr = SKB_EXT_ERR(skb);	499	serr = SKB_EXT_ERR(skb);
485		500
486	if (sin && skb->len) {	501	if (sin && serr->port) {
487	sin->sin_family = AF_INET;	502	sin->sin_family = AF_INET;
488	sin->sin_addr.s_addr = (__be32 )(skb_network_header(skb) +	503	sin->sin_addr.s_addr = (__be32 )(skb_network_header(skb) +
489	serr->addr_offset);	504	serr->addr_offset);
@@ -496,9 +511,7 @@ int ip_recv_error(struct sock sk, struct msghdr msg, int len, int *addr_len)
496	sin = &errhdr.offender;	511	sin = &errhdr.offender;
497	memset(sin, 0, sizeof(*sin));	512	memset(sin, 0, sizeof(*sin));
498		513
499	if (skb->len &&	514	if (ipv4_datagram_support_cmsg(sk, skb, serr->ee.ee_origin)) {
500	(serr->ee.ee_origin == SO_EE_ORIGIN_ICMP \|\|
501	ipv4_pktinfo_prepare_errqueue(sk, skb, serr->ee.ee_origin))) {
502	sin->sin_family = AF_INET;	515	sin->sin_family = AF_INET;
503	sin->sin_addr.s_addr = ip_hdr(skb)->saddr;	516	sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
504	if (inet_sk(sk)->cmsg_flags)	517	if (inet_sk(sk)->cmsg_flags)


diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index c215be70cac0..ace8daca5c83 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c
@@ -325,14 +325,34 @@ void ipv6_local_rxpmtu(struct sock sk, struct flowi6 fl6, u32 mtu)
325	kfree_skb(skb);	325	kfree_skb(skb);
326	}	326	}
327		327
328	static void ip6_datagram_prepare_pktinfo_errqueue(struct sk_buff *skb)	328	/* IPv6 supports cmsg on all origins aside from SO_EE_ORIGIN_LOCAL.
		329	*
		330	* At one point, excluding local errors was a quick test to identify icmp/icmp6
		331	* errors. This is no longer true, but the test remained, so the v6 stack,
		332	* unlike v4, also honors cmsg requests on all wifi and timestamp errors.
		333	*
		334	* Timestamp code paths do not initialize the fields expected by cmsg:
		335	* the PKTINFO fields in skb->cb[]. Fill those in here.
		336	*/
		337	static bool ip6_datagram_support_cmsg(struct sk_buff *skb,
		338	struct sock_exterr_skb *serr)
329	{	339	{
330	int ifindex = skb->dev ? skb->dev->ifindex : -1;	340	if (serr->ee.ee_origin == SO_EE_ORIGIN_ICMP \|\|
		341	serr->ee.ee_origin == SO_EE_ORIGIN_ICMP6)
		342	return true;
		343
		344	if (serr->ee.ee_origin == SO_EE_ORIGIN_LOCAL)
		345	return false;
		346
		347	if (!skb->dev)
		348	return false;
331		349
332	if (skb->protocol == htons(ETH_P_IPV6))	350	if (skb->protocol == htons(ETH_P_IPV6))
333	IP6CB(skb)->iif = ifindex;	351	IP6CB(skb)->iif = skb->dev->ifindex;
334	else	352	else
335	PKTINFO_SKB_CB(skb)->ipi_ifindex = ifindex;	353	PKTINFO_SKB_CB(skb)->ipi_ifindex = skb->dev->ifindex;
		354
		355	return true;
336	}	356	}
337		357
338	/*	358	/*
@@ -369,7 +389,7 @@ int ipv6_recv_error(struct sock sk, struct msghdr msg, int len, int *addr_len)
369		389
370	serr = SKB_EXT_ERR(skb);	390	serr = SKB_EXT_ERR(skb);
371		391
372	if (sin && skb->len) {	392	if (sin && serr->port) {
373	const unsigned char *nh = skb_network_header(skb);	393	const unsigned char *nh = skb_network_header(skb);
374	sin->sin6_family = AF_INET6;	394	sin->sin6_family = AF_INET6;
375	sin->sin6_flowinfo = 0;	395	sin->sin6_flowinfo = 0;
@@ -394,14 +414,11 @@ int ipv6_recv_error(struct sock sk, struct msghdr msg, int len, int *addr_len)
394	memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));	414	memcpy(&errhdr.ee, &serr->ee, sizeof(struct sock_extended_err));
395	sin = &errhdr.offender;	415	sin = &errhdr.offender;
396	memset(sin, 0, sizeof(*sin));	416	memset(sin, 0, sizeof(*sin));
397	if (serr->ee.ee_origin != SO_EE_ORIGIN_LOCAL && skb->len) {	417
		418	if (ip6_datagram_support_cmsg(skb, serr)) {
398	sin->sin6_family = AF_INET6;	419	sin->sin6_family = AF_INET6;
399	if (np->rxopt.all) {	420	if (np->rxopt.all)
400	if (serr->ee.ee_origin != SO_EE_ORIGIN_ICMP &&
401	serr->ee.ee_origin != SO_EE_ORIGIN_ICMP6)
402	ip6_datagram_prepare_pktinfo_errqueue(skb);
403	ip6_datagram_recv_common_ctl(sk, msg, skb);	421	ip6_datagram_recv_common_ctl(sk, msg, skb);
404	}
405	if (skb->protocol == htons(ETH_P_IPV6)) {	422	if (skb->protocol == htons(ETH_P_IPV6)) {
406	sin->sin6_addr = ipv6_hdr(skb)->saddr;	423	sin->sin6_addr = ipv6_hdr(skb)->saddr;
407	if (np->rxopt.all)	424	if (np->rxopt.all)


diff --git a/net/rxrpc/ar-error.c b/net/rxrpc/ar-error.c index 5394b6be46ec..0610efa83d72 100644 --- a/net/rxrpc/ar-error.c +++ b/net/rxrpc/ar-error.c
@@ -42,7 +42,8 @@ void rxrpc_UDP_error_report(struct sock *sk)
42	_leave("UDP socket errqueue empty");	42	_leave("UDP socket errqueue empty");
43	return;	43	return;
44	}	44	}
45	if (!skb->len) {	45	serr = SKB_EXT_ERR(skb);
		46	if (!skb->len && serr->ee.ee_origin == SO_EE_ORIGIN_TIMESTAMPING) {
46	_leave("UDP empty message");	47	_leave("UDP empty message");
47	kfree_skb(skb);	48	kfree_skb(skb);
48	return;	49	return;
@@ -50,7 +51,6 @@ void rxrpc_UDP_error_report(struct sock *sk)
50		51
51	rxrpc_new_skb(skb);	52	rxrpc_new_skb(skb);
52		53
53	serr = SKB_EXT_ERR(skb);
54	addr = (__be32 )(skb_network_header(skb) + serr->addr_offset);	54	addr = (__be32 )(skb_network_header(skb) + serr->addr_offset);
55	port = serr->port;	55	port = serr->port;
56		56