Commit add05ad4 authored by Benjamin Poirier's avatar Benjamin Poirier Committed by David S. Miller

unix/dgram: peek beyond 0-sized skbs

"77c1090f net: fix infinite loop in __skb_recv_datagram()" (v3.8) introduced a
regression:
After that commit, recv can no longer peek beyond a 0-sized skb in the queue.
__skb_recv_datagram() instead stops at the first skb with len == 0 and results
in the system call failing with -EFAULT via skb_copy_datagram_iovec().

When peeking at an offset with 0-sized skb(s), each one of those is received
only once, in sequence. The offset starts moving forward again after receiving
datagrams with len > 0.
Signed-off-by: default avatarBenjamin Poirier <bpoirier@suse.de>
Acked-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e5195c1f
...@@ -187,7 +187,8 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags, ...@@ -187,7 +187,8 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags,
skb_queue_walk(queue, skb) { skb_queue_walk(queue, skb) {
*peeked = skb->peeked; *peeked = skb->peeked;
if (flags & MSG_PEEK) { if (flags & MSG_PEEK) {
if (*off >= skb->len && skb->len) { if (*off >= skb->len && (skb->len || *off ||
skb->peeked)) {
*off -= skb->len; *off -= skb->len;
continue; continue;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment