| From foo@baz Thu Mar 28 21:57:57 CET 2019 |
| From: Paolo Abeni <pabeni@redhat.com> |
| Date: Mon, 25 Mar 2019 14:18:06 +0100 |
| Subject: net: datagram: fix unbounded loop in __skb_try_recv_datagram() |
| |
| From: Paolo Abeni <pabeni@redhat.com> |
| |
| [ Upstream commit 0b91bce1ebfc797ff3de60c8f4a1e6219a8a3187 ] |
| |
| Christoph reported a stall while peeking datagram with an offset when |
| busy polling is enabled. __skb_try_recv_datagram() uses as the loop |
| termination condition 'queue empty'. When peeking, the socket |
| queue can be not empty, even when no additional packets are received. |
| |
| Address the issue explicitly checking for receive queue changes, |
| as currently done by __skb_wait_for_more_packets(). |
| |
| Fixes: 2b5cd0dfa384 ("net: Change return type of sk_busy_loop from bool to void") |
| Reported-and-tested-by: Christoph Paasch <cpaasch@apple.com> |
| Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/core/datagram.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/net/core/datagram.c |
| +++ b/net/core/datagram.c |
| @@ -281,7 +281,7 @@ struct sk_buff *__skb_try_recv_datagram( |
| break; |
| |
| sk_busy_loop(sk, flags & MSG_DONTWAIT); |
| - } while (!skb_queue_empty(&sk->sk_receive_queue)); |
| + } while (sk->sk_receive_queue.prev != *last); |
| |
| error = -EAGAIN; |
| |
