Fix for inabiltiy to send zero sized UDP packets (rhbz 1365940)
This commit is contained in:
Laura Abbott
parent
0c1a1f4ca9
commit
8fd61b3a44
|
|
@ -0,0 +1,73 @@
|
|||
From 9f30f83eb6347afa6b1d1df1065608c2b4485e2b Mon Sep 17 00:00:00 2001
|
||||
From: Eric Dumazet <edumazet@google.com>
|
||||
Date: Tue, 23 Aug 2016 13:59:33 -0700
|
||||
Subject: [PATCH] udp: fix poll() issue with zero sized packets
|
||||
|
||||
Laura tracked poll() [and friends] regression caused by commit
|
||||
e6afc8ace6dd ("udp: remove headers from UDP packets before queueing")
|
||||
|
||||
udp_poll() needs to know if there is a valid packet in receive queue,
|
||||
even if its payload length is 0.
|
||||
|
||||
Change first_packet_length() to return an signed int, and use -1
|
||||
as the indication of an empty queue.
|
||||
|
||||
Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing")
|
||||
Reported-by: Laura Abbott <labbott@redhat.com>
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Tested-by: Laura Abbott <labbott@redhat.com>
|
||||
---
|
||||
net/ipv4/udp.c | 12 ++++++------
|
||||
1 file changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
|
||||
index e61f7cd..00d18c5 100644
|
||||
--- a/net/ipv4/udp.c
|
||||
+++ b/net/ipv4/udp.c
|
||||
@@ -1182,13 +1182,13 @@ out:
|
||||
* @sk: socket
|
||||
*
|
||||
* Drops all bad checksum frames, until a valid one is found.
|
||||
- * Returns the length of found skb, or 0 if none is found.
|
||||
+ * Returns the length of found skb, or -1 if none is found.
|
||||
*/
|
||||
-static unsigned int first_packet_length(struct sock *sk)
|
||||
+static int first_packet_length(struct sock *sk)
|
||||
{
|
||||
struct sk_buff_head list_kill, *rcvq = &sk->sk_receive_queue;
|
||||
struct sk_buff *skb;
|
||||
- unsigned int res;
|
||||
+ int res;
|
||||
|
||||
__skb_queue_head_init(&list_kill);
|
||||
|
||||
@@ -1203,7 +1203,7 @@ static unsigned int first_packet_length(struct sock *sk)
|
||||
__skb_unlink(skb, rcvq);
|
||||
__skb_queue_tail(&list_kill, skb);
|
||||
}
|
||||
- res = skb ? skb->len : 0;
|
||||
+ res = skb ? skb->len : -1;
|
||||
spin_unlock_bh(&rcvq->lock);
|
||||
|
||||
if (!skb_queue_empty(&list_kill)) {
|
||||
@@ -1232,7 +1232,7 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
|
||||
|
||||
case SIOCINQ:
|
||||
{
|
||||
- unsigned int amount = first_packet_length(sk);
|
||||
+ int amount = max_t(int, 0, first_packet_length(sk));
|
||||
|
||||
return put_user(amount, (int __user *)arg);
|
||||
}
|
||||
@@ -2184,7 +2184,7 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
|
||||
|
||||
/* Check for false positives due to checksum errors */
|
||||
if ((mask & POLLRDNORM) && !(file->f_flags & O_NONBLOCK) &&
|
||||
- !(sk->sk_shutdown & RCV_SHUTDOWN) && !first_packet_length(sk))
|
||||
+ !(sk->sk_shutdown & RCV_SHUTDOWN) && first_packet_length(sk) == -1)
|
||||
mask &= ~(POLLIN | POLLRDNORM);
|
||||
|
||||
return mask;
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
|
@ -612,6 +612,9 @@ Patch842: qxl-reapply-cursor-after-SetCrtc-calls.patch
|
|||
#CVE-2016-6828 rhbz 1367091,1367092
|
||||
Patch843: tcp-fix-use-after-free-in-tcp_xmit_retransmit_queue.patch
|
||||
|
||||
#rhbz 1365940
|
||||
Patch844: 0001-udp-fix-poll-issue-with-zero-sized-packets.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2146,6 +2149,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Tue Aug 23 2016 Laura Abbott <labbott@fedoraproject.org>
|
||||
- Fix for inabiltiy to send zero sized UDP packets (rhbz 1365940)
|
||||
|
||||
* Tue Aug 23 2016 Peter Robinson <pbrobinson@fedoraproject.org>
|
||||
- Qualcomm QDF2432 errata fix
|
||||
- Move to upstream patches for ACPI SPCR (serial console)
|
||||
|
|
|
|||
Loading…
Reference in New Issue