From patchwork Tue Jun 12 23:09:37 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Frank van der Linden <fllinden@amazon.com>
X-Patchwork-Id: 928534
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none)
	header.from=amazon.com
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=amazon.com header.i=@amazon.com
	header.b="JsjBzen2"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 4155F72W5Wz9s1R
	for <patchwork-incoming-netdev@ozlabs.org>;
	Wed, 13 Jun 2018 09:09:47 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S934470AbeFLXJm (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Tue, 12 Jun 2018 19:09:42 -0400
Received: from smtp-fw-9101.amazon.com ([207.171.184.25]:12833 "EHLO
	smtp-fw-9101.amazon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S934002AbeFLXJl (ORCPT
	<rfc822;netdev@vger.kernel.org>); Tue, 12 Jun 2018 19:09:41 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
	t=1528844981; x=1560380981;
	h=date:from:to:subject:cc:message-id:mime-version:
	content-transfer-encoding;
	bh=H8Gr4vRMOPD0fgp81/BwebM+6A1dYRVbPdepcia2VKs=;
	b=JsjBzen2MwjrF6cev+dZG3RZhhdTsUXBaquDyk/EYn35XNztfk7QrexT
	SxH5GxNrDdtyjmwHWozLazvZrtPSyvwcq3ji4HaIxLrjVnB9wtuYSaLlI
	7ffLT2IO2JciCM4D6uPlHP/MD7kFeZBsIgsXKYqQjdRvZxDYLncfXeREI I=;
X-IronPort-AV: E=Sophos;i="5.51,216,1526342400"; d="scan'208";a="745815318"
Received: from sea3-co-svc-lb6-vlan3.sea.amazon.com (HELO
	email-inbound-relay-1d-98acfc19.us-east-1.amazon.com)
	([10.47.22.38]) by smtp-border-fw-out-9101.sea19.amazon.com with
	ESMTP/TLS/DHE-RSA-AES256-SHA; 12 Jun 2018 23:09:39 +0000
Received: from EX13MTAUWB001.ant.amazon.com
	(iad55-ws-svc-p15-lb9-vlan2.iad.amazon.com [10.40.159.162])
	by email-inbound-relay-1d-98acfc19.us-east-1.amazon.com
	(8.14.7/8.14.7) with ESMTP id w5CN9bcX060212
	(version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL);
	Tue, 12 Jun 2018 23:09:39 GMT
Received: from EX13D13UWB002.ant.amazon.com (10.43.161.21) by
	EX13MTAUWB001.ant.amazon.com (10.43.161.249) with Microsoft SMTP
	Server (TLS) id 15.0.1367.3; Tue, 12 Jun 2018 23:09:38 +0000
Received: from EX13MTAUWB001.ant.amazon.com (10.43.161.207) by
	EX13D13UWB002.ant.amazon.com (10.43.161.21) with Microsoft SMTP
	Server (TLS) id 15.0.1367.3; Tue, 12 Jun 2018 23:09:38 +0000
Received: from kaos-source-ops-60001.pdx1.corp.amazon.com (10.36.130.203) by
	mail-relay.amazon.com (10.43.161.249) with Microsoft SMTP Server id
	15.0.1367.3 via Frontend Transport; Tue, 12 Jun 2018 23:09:38 +0000
Received: by kaos-source-ops-60001.pdx1.corp.amazon.com (Postfix,
	from userid 6262777)
	id 129DEBFC2C; Tue, 12 Jun 2018 23:09:37 +0000 (UTC)
Date: Tue, 12 Jun 2018 23:09:37 +0000
From: Frank van der Linden <fllinden@amazon.com>
To: <edumazet@google.com>, <netdev@vger.kernel.org>
Subject: [PATCH v3] tcp: verify the checksum of the first data segment in
	a new connection
CC: <fllinden@amazon.com>
Message-ID: <5b2052b1.eyFJo5VnqmUbz/O6%fllinden@amazon.com>
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

commit 079096f103fa ("tcp/dccp: install syn_recv requests into ehash
table") introduced an optimization for the handling of child sockets
created for a new TCP connection.

But this optimization passes any data associated with the last ACK of the
connection handshake up the stack without verifying its checksum, because it
calls tcp_child_process(), which in turn calls tcp_rcv_state_process()
directly.  These lower-level processing functions do not do any checksum
verification.

Insert a tcp_checksum_complete call in the TCP_NEW_SYN_RECEIVE path to
fix this.

Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Balbir Singh <bsingharora@gmail.com>
Reviewed-by: Balbir Singh <bsingharora@gmail.com>
---
 net/ipv4/tcp_ipv4.c | 4 ++++
 net/ipv6/tcp_ipv6.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index f70586b..ef8cd0f 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1689,6 +1689,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
 			reqsk_put(req);
 			goto discard_it;
 		}
+		if (tcp_checksum_complete(skb)) {
+			reqsk_put(req);
+			goto csum_error;
+		}
 		if (unlikely(sk->sk_state != TCP_LISTEN)) {
 			inet_csk_reqsk_queue_drop_and_put(sk, req);
 			goto lookup;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 6d664d8..5d4eb9d 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1475,6 +1475,10 @@ static int tcp_v6_rcv(struct sk_buff *skb)
 			reqsk_put(req);
 			goto discard_it;
 		}
+		if (tcp_checksum_complete(skb)) {
+			reqsk_put(req);
+			goto csum_error;
+		}
 		if (unlikely(sk->sk_state != TCP_LISTEN)) {
 			inet_csk_reqsk_queue_drop_and_put(sk, req);
 			goto lookup;