authorAlex Juncu <ajuncu@ixiacom.com>2011-12-15 18:01:25 -0500
committerDavid S. Miller <davem@davemloft.net>2011-12-19 15:58:52 -0500
commit9cef310fcdee12b49b8b4c96fd8f611c8873d284 (patch)
tree9822f822a2cdc3bdc1beb70e061fcea006a923f2
parenta03ffcf873fe0f2565386ca8ef832144c42e67fa (diff)
llc: llc_cmsg_rcv was getting called after sk_eat_skb.
Received non stream protocol packets were calling llc_cmsg_rcv that used a skb after that skb was released by sk_eat_skb. This caused received STP packets to generate kernel panics. Signed-off-by: Alexandru Juncu <ajuncu@ixiacom.com> Signed-off-by: Kunjan Naik <knaik@ixiacom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/llc/af_llc.c14
1 files changed, 10 insertions, 4 deletions
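--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -833,15 +833,15 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
 copied += used;
 len -= used;
 
+/* For non stream protcols we get one packet per recvmsg call */
+if (sk->sk_type != SOCK_STREAM)
+goto copy_uaddr;
+
 if (!(flags & MSG_PEEK)) {
 sk_eat_skb(sk, skb, 0);
 *seq = 0;
 }
 
-/* For non stream protcols we get one packet per recvmsg call */
-if (sk->sk_type != SOCK_STREAM)
-goto copy_uaddr;
-
 /* Partial read */
 if (used + offset < skb->len)
 continue;
@@ -857,6 +857,12 @@ copy_uaddr:
 }
 if (llc_sk(sk)->cmsg_flags)
 llc_cmsg_rcv(msg, skb);
+
+if (!(flags & MSG_PEEK)) {
+sk_eat_skb(sk, skb, 0);
+*seq = 0;
+}
+
 goto out;
 }
 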
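Review bot: On the SOCK_STREAM path the partial-read test `if (used + offset < skb->len)` still dereferences skb after `sk_eat_skb(sk, skb, 0)` has run in the non-MSG_PEEK case, which is the same use-after-release pattern this commit removes for non-stream sockets. If sk_eat_skb drops the last reference there, the length is read from freed memory; saving it first, e.g. `skb_len = skb->len;` ahead of the `if (!(flags & MSG_PEEK))` block and then testing `used + offset < skb_len`, would avoid that. The new sk_eat_skb call under copy_uaddr also uses skb with no NULL check visible in this hunk, so it is worth confirming that every jump to the label carries a valid skb. llc_ui_recvmsg starts above the shown hunks, so the declaration for the saved length would go with its other locals.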