]>
Commit | Line | Data |
---|---|---|
28cd9a8f GKH |
1 | From 595346d0cfb8f16c971429de4d75dad9929c913a Mon Sep 17 00:00:00 2001 |
2 | From: Pavel Emelyanov <xemul@parallels.com> | |
3 | Date: Mon, 29 Oct 2012 05:05:33 +0000 | |
4 | Subject: tcp-repair: Handle zero-length data put in rcv queue | |
5 | ||
6 | ||
7 | From: Pavel Emelyanov <xemul@parallels.com> | |
8 | ||
9 | [ Upstream commit c454e6111d1ef4268fe98e87087216e51c2718c3 ] | |
10 | ||
11 | When sending data into a tcp socket in repair state we should check | |
12 | for the amount of data being 0 explicitly. Otherwise we'll have an skb | |
13 | with seq == end_seq in rcv queue, but tcp doesn't expect this to happen | |
14 | (in particular a warn_on in tcp_recvmsg shoots). | |
15 | ||
16 | Signed-off-by: Pavel Emelyanov <xemul@parallels.com> | |
17 | Reported-by: Giorgos Mavrikas <gmavrikas@gmail.com> | |
18 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
20 | --- | |
21 | net/ipv4/tcp_input.c | 3 +++ | |
22 | 1 file changed, 3 insertions(+) | |
23 | ||
24 | --- a/net/ipv4/tcp_input.c | |
25 | +++ b/net/ipv4/tcp_input.c | |
26 | @@ -4556,6 +4556,9 @@ int tcp_send_rcvq(struct sock *sk, struc | |
27 | struct tcphdr *th; | |
28 | bool fragstolen; | |
29 | ||
30 | + if (size == 0) | |
31 | + return 0; | |
32 | + | |
33 | skb = alloc_skb(size + sizeof(*th), sk->sk_allocation); | |
34 | if (!skb) | |
35 | goto err; |