diff options
| author | gVisor bot <gvisor-bot@google.com> | 2021-04-22 23:38:19 +0000 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-04-22 23:38:19 +0000 |
| commit | 263d3a106bd707da59e359a88a9114b1e09c5eee (patch) | |
| tree | 5bd0a055cb79c86f17e089734142629094bacef3 /pkg/sentry/syscalls | |
| parent | 42ab6ba3f895199ebcad7093dc2f7e98133898ae (diff) | |
| parent | 2739cf46284f2786ad33b545d55b8178bc46f7de (diff) | |
Merge release-20210419.0-22-g2739cf462 (automated)
Diffstat (limited to 'pkg/sentry/syscalls')
| -rw-r--r-- | pkg/sentry/syscalls/linux/sys_socket.go | 13 | ||||
| -rw-r--r-- | pkg/sentry/syscalls/linux/vfs2/socket.go | 13 |
2 files changed, 20 insertions, 6 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_socket.go b/pkg/sentry/syscalls/linux/sys_socket.go index eff251cec..5e9e940df 100644 --- a/pkg/sentry/syscalls/linux/sys_socket.go +++ b/pkg/sentry/syscalls/linux/sys_socket.go @@ -383,12 +383,19 @@ func Listen(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal // Linux treats incoming backlog as uint with a limit defined by // sysctl_somaxconn. // https://github.com/torvalds/linux/blob/7acac4b3196/net/socket.c#L1666 - // - // We use the backlog to allocate a channel of that size, hence enforce - // a hard limit for the backlog. backlog = maxListenBacklog } + // Accept one more than the configured listen backlog to keep in parity with + // Linux. Ref, because of missing equality check here: + // https://github.com/torvalds/linux/blob/7acac4b3196/include/net/sock.h#L937 + // + // In case of unix domain sockets, the following check + // https://github.com/torvalds/linux/blob/7d6beb71da3/net/unix/af_unix.c#L1293 + // will allow 1 connect through since it checks for a receive queue len > + // backlog and not >=. + backlog++ + return 0, nil, s.Listen(t, int(backlog)).ToError() } diff --git a/pkg/sentry/syscalls/linux/vfs2/socket.go b/pkg/sentry/syscalls/linux/vfs2/socket.go index 936614eab..6edde0ed1 100644 --- a/pkg/sentry/syscalls/linux/vfs2/socket.go +++ b/pkg/sentry/syscalls/linux/vfs2/socket.go @@ -387,12 +387,19 @@ func Listen(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal // Linux treats incoming backlog as uint with a limit defined by // sysctl_somaxconn. // https://github.com/torvalds/linux/blob/7acac4b3196/net/socket.c#L1666 - // - // We use the backlog to allocate a channel of that size, hence enforce - // a hard limit for the backlog. backlog = maxListenBacklog } + // Accept one more than the configured listen backlog to keep in parity with + // Linux. Ref, because of missing equality check here: + // https://github.com/torvalds/linux/blob/7acac4b3196/include/net/sock.h#L937 + // + // In case of unix domain sockets, the following check + // https://github.com/torvalds/linux/blob/7d6beb71da3/net/unix/af_unix.c#L1293 + // will allow 1 connect through since it checks for a receive queue len > + // backlog and not >=. + backlog++ + return 0, nil, s.Listen(t, int(backlog)).ToError() } |