Subject: net/smc: check return value of sock_recvmsg when draining clc data

JIRA: https://issues.redhat.com/browse/RHEL-73484
Conflicts: Fix merge conflicts - no functional changes.
CVE: CVE-2024-57791

commit c5b8ee5
Author: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Date:   Wed Dec 11 17:21:21 2024 +0800

    net/smc: check return value of sock_recvmsg when draining clc data

    When receiving clc msg, the field length in smc_clc_msg_hdr indicates the
    length of msg should be received from network and the value should not be
    fully trusted as it is from the network. Once the value of length exceeds
    the value of buflen in function smc_clc_wait_msg it may run into deadloop
    when trying to drain the remaining data exceeding buflen.

    This patch checks the return value of sock_recvmsg when draining data in
    case of deadloop in draining.

    Fixes: fb4f792 ("net/smc: tolerate future SMCD versions")
    Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
    Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
    Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Mete Durlu <mdurlu@redhat.com>

Author: Mete Durlu

net/smc/smc_clc.c

@@ -774,6 +774,11 @@ int smc_clc_wait_msg(struct smc_sock *smc, void *buf, int buflen,
 						SMC_CLC_RECV_BUF_LEN : datlen;
 		iov_iter_kvec(&msg.msg_iter, READ, &vec, 1, recvlen);
 		len = sock_recvmsg(smc->clcsock, &msg, krflags);
+		if (len < recvlen) {
+			smc->sk.sk_err = EPROTO;
+			reason_code = -EPROTO;
+			goto out;
+		}
 		datlen -= len;
 	}
 	if (clcm->type == SMC_CLC_DECLINE) {