[IrDA]: Correctly handling socket error

This patch fixes an oops first reported in mid 2006 - see
http://lkml.org/lkml/2006/8/29/358 The cause of this bug report is that
when an error is signalled on the socket, irda_recvmsg_stream returns
without removing a local wait_queue variable from the socket's sk_sleep
queue. This causes havoc further down the road.

In response to this problem, a patch was made that invoked sock_orphan on
the socket when receiving a disconnect indication. This is not a good fix,
as this sets sk_sleep to NULL, causing applications sleeping in recvmsg
(and other places) to oops.

This is against the latest net-2.6 and should be considered for -stable
inclusion. 

Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Signed-off-by: Samuel Ortiz <samuel@sortiz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 1 insertions, 2 deletions

diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index eabd6838f50a..0eb7d596d470 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -138,7 +138,6 @@ static void irda_disconnect_indication(void *instance, void *sap,
                 sk->sk_shutdown |= SEND_SHUTDOWN;
 
                 sk->sk_state_change(sk);
-                sock_orphan(sk);
                 release_sock(sk);
 
                 /* Close our TSAP.
@@ -1446,7 +1445,7 @@ static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
                          */
                         ret = sock_error(sk);
                         if (ret)
-                                break;
+                                ;
                         else if (sk->sk_shutdown & RCV_SHUTDOWN)
                                 ;
                         else if (noblock)