[Devel] [PATCH rh7] netlink: Don't manipulate @sk_peek_off if data fetching failed
Andrey Vagin
avagin at virtuozzo.com
Thu Dec 22 16:12:13 PST 2016
On Thu, Dec 22, 2016 at 03:34:15PM -0800, Andrey Vagin wrote:
> On Thu, Dec 22, 2016 at 06:41:42PM +0300, Cyrill Gorcunov wrote:
> > When skb_copy_datagram_iovec called to fetch queued data
> > it may fail with EFAULT and if MSG_PEEK set by a caller
> > the position get advanced even if data hasn't been read.
> > So we might loose data bits here on subsequent recvmsg
> > calls. Instead lets exit early with error.
> >
> > In sake of https://jira.sw.ru/browse/PSBM-57921
> >
> > CC: Andrey Vagin <avagin at openvz.org>
> > Signed-off-by: Cyrill Gorcunov <gorcunov at openvz.org>
> > ---
> > net/netlink/af_netlink.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > Index: linux-pcs7.git/net/netlink/af_netlink.c
> > ===================================================================
> > --- linux-pcs7.git.orig/net/netlink/af_netlink.c
> > +++ linux-pcs7.git/net/netlink/af_netlink.c
> > @@ -2473,6 +2473,10 @@ static int netlink_recvmsg(struct kiocb
> >
> > skb_reset_transport_header(data_skb);
> > err = skb_copy_datagram_iovec(data_skb, skip, msg->msg_iov, copied);
> > + if (err) {
> > + skb_free_datagram(sk, skb);
>
> hmmm, why do we need to call skb_free_datagram?
It should be ok, skb_free_datagram() decriments a reference counter
Acked-by: Andrey Vagin <avagin at virtuozzo.com>
> > + goto out;
> > + }
> >
> > if (flags & MSG_PEEK)
> > sk_peek_offset_fwd(sk, copied);
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel
More information about the Devel
mailing list