projects / thirdparty / kernel / stable-queue.git / blame
| Commit | Line | Data |
|---|---|---|
| 28cd9a8f GKH |
1 | From 595346d0cfb8f16c971429de4d75dad9929c913a Mon Sep 17 00:00:00 2001 |
| 2 | From: Pavel Emelyanov <xemul@parallels.com> | |
| 3 | Date: Mon, 29 Oct 2012 05:05:33 +0000 | |
| 4 | Subject: tcp-repair: Handle zero-length data put in rcv queue | |
| 5 | ||
| 6 | ||
| 7 | From: Pavel Emelyanov <xemul@parallels.com> | |
| 8 | ||
| 9 | [ Upstream commit c454e6111d1ef4268fe98e87087216e51c2718c3 ] | |
| 10 | ||
| 11 | When sending data into a tcp socket in repair state we should check | |
| 12 | for the amount of data being 0 explicitly. Otherwise we'll have an skb | |
| 13 | with seq == end_seq in rcv queue, but tcp doesn't expect this to happen | |
| 14 | (in particular a warn_on in tcp_recvmsg shoots). | |
| 15 | ||
| 16 | Signed-off-by: Pavel Emelyanov <xemul@parallels.com> | |
| 17 | Reported-by: Giorgos Mavrikas <gmavrikas@gmail.com> | |
| 18 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
| 19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| 20 | --- | |
| 21 | net/ipv4/tcp_input.c | 3 +++ | |
| 22 | 1 file changed, 3 insertions(+) | |
| 23 | ||
| 24 | --- a/net/ipv4/tcp_input.c | |
| 25 | +++ b/net/ipv4/tcp_input.c | |
| 26 | @@ -4556,6 +4556,9 @@ int tcp_send_rcvq(struct sock *sk, struc | |
| 27 | struct tcphdr *th; | |
| 28 | bool fragstolen; | |
| 29 | ||
| 30 | + if (size == 0) | |
| 31 | + return 0; | |
| 32 | + | |
| 33 | skb = alloc_skb(size + sizeof(*th), sk->sk_allocation); | |
| 34 | if (!skb) | |
| 35 | goto err; |