af_iucv: cleanup and refactor recvmsg() EFAULT handling

If the skb cannot be copied to user iovec, always return -EFAULT. The skb is enqueued again, except MSG_PEEK flag is set, to allow user space applications to correct its iovec pointer. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>

af_iucv: cleanup and refactor recvmsg() EFAULT handling
If the skb cannot be copied to user iovec, always return -EFAULT. The skb is enqueued again, except MSG_PEEK flag is set, to allow user space applications to correct its iovec pointer. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
802788bf · Hendrik Brueckner · David S. Miller · aa8e71f5 · 802788bf
Commit 802788bf authored Apr 21, 2009 by Hendrik Brueckner Committed by David S. Miller Apr 23, 2009
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 7 deletions

net/iucv/af_iucv.c net/iucv/af_iucv.c +3 -7

No files found.
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -965,7 +965,6 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 	int noblock = flags & MSG_DONTWAIT;
 	struct sock *sk = sock->sk;
 	struct iucv_sock *iucv = iucv_sk(sk);
-	int target;
 	unsigned int copied, rlen;
 	struct sk_buff *skb, *rskb, *cskb;
 	int err = 0;
@@ -979,8 +978,6 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 	if (flags & (MSG_OOB))
 		return -EOPNOTSUPP;
-	target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
 	skb = skb_recv_datagram(sk, flags, noblock, &err);
 	if (!skb) {
 		if (sk->sk_shutdown & RCV_SHUTDOWN)
@@ -993,10 +990,9 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 	cskb = skb;
 	if (memcpy_toiovec(msg->msg_iov, cskb->data, copied)) {
-		skb_queue_head(&sk->sk_receive_queue, skb);
+		if (!(flags & MSG_PEEK))
-		if (copied == 0)
+			skb_queue_head(&sk->sk_receive_queue, skb);
-			return -EFAULT;
+		return -EFAULT;
-		goto done;
 	}
 	/* SOCK_SEQPACKET: set MSG_TRUNC if recv buf size is too small */