ia64/linux-2.6.18-xen.hg

changeset 682:fba34c7b1c97

[UDP6]: Fix MSG_PROBE crash

UDP tracks corking status through the pending variable. The
IP layer also tracks it through the socket write queue. It
is possible for the two to get out of sync when MSG_PROBE is
used.

This patch changes UDP to check the write queue to ensure
that the two stay in sync.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author Keir Fraser <keir.fraser@citrix.com>
date Mon Sep 29 09:51:18 2008 +0100 (2008-09-29)
parents cc6fc966c613
children d1c94aa806f7
files net/ipv4/udp.c net/ipv6/udp.c
line diff
     1.1 --- a/net/ipv4/udp.c	Fri Sep 26 14:07:10 2008 +0100
     1.2 +++ b/net/ipv4/udp.c	Mon Sep 29 09:51:18 2008 +0100
     1.3 @@ -651,6 +651,8 @@ do_append_data:
     1.4  		udp_flush_pending_frames(sk);
     1.5  	else if (!corkreq)
     1.6  		err = udp_push_pending_frames(sk, up);
     1.7 +	else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
     1.8 +		up->pending = 0;
     1.9  	release_sock(sk);
    1.10  
    1.11  out:
     2.1 --- a/net/ipv6/udp.c	Fri Sep 26 14:07:10 2008 +0100
     2.2 +++ b/net/ipv6/udp.c	Mon Sep 29 09:51:18 2008 +0100
     2.3 @@ -834,6 +834,8 @@ do_append_data:
     2.4  		udp_v6_flush_pending_frames(sk);
     2.5  	else if (!corkreq)
     2.6  		err = udp_v6_push_pending_frames(sk, up);
     2.7 +	else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
     2.8 +		up->pending = 0;
     2.9  
    2.10  	if (dst) {
    2.11  		if (connected) {