Commit 80f13255 authored by Eric Dumazet's avatar Eric Dumazet Committed by Greg Kroah-Hartman

udp: fix poll() issue with zero sized packets

[ Upstream commit e83c6744 ]

Laura tracked poll() [and friends] regression caused by commit
e6afc8ac ("udp: remove headers from UDP packets before queueing")

udp_poll() needs to know if there is a valid packet in receive queue,
even if its payload length is 0.

Change first_packet_length() to return an signed int, and use -1
as the indication of an empty queue.

Fixes: e6afc8ac ("udp: remove headers from UDP packets before queueing")
Reported-by: default avatarLaura Abbott <labbott@redhat.com>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Tested-by: default avatarLaura Abbott <labbott@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f7b25cb6
...@@ -1182,13 +1182,13 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset, ...@@ -1182,13 +1182,13 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset,
* @sk: socket * @sk: socket
* *
* Drops all bad checksum frames, until a valid one is found. * Drops all bad checksum frames, until a valid one is found.
* Returns the length of found skb, or 0 if none is found. * Returns the length of found skb, or -1 if none is found.
*/ */
static unsigned int first_packet_length(struct sock *sk) static int first_packet_length(struct sock *sk)
{ {
struct sk_buff_head list_kill, *rcvq = &sk->sk_receive_queue; struct sk_buff_head list_kill, *rcvq = &sk->sk_receive_queue;
struct sk_buff *skb; struct sk_buff *skb;
unsigned int res; int res;
__skb_queue_head_init(&list_kill); __skb_queue_head_init(&list_kill);
...@@ -1203,7 +1203,7 @@ static unsigned int first_packet_length(struct sock *sk) ...@@ -1203,7 +1203,7 @@ static unsigned int first_packet_length(struct sock *sk)
__skb_unlink(skb, rcvq); __skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb); __skb_queue_tail(&list_kill, skb);
} }
res = skb ? skb->len : 0; res = skb ? skb->len : -1;
spin_unlock_bh(&rcvq->lock); spin_unlock_bh(&rcvq->lock);
if (!skb_queue_empty(&list_kill)) { if (!skb_queue_empty(&list_kill)) {
...@@ -1232,7 +1232,7 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg) ...@@ -1232,7 +1232,7 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
case SIOCINQ: case SIOCINQ:
{ {
unsigned int amount = first_packet_length(sk); int amount = max_t(int, 0, first_packet_length(sk));
return put_user(amount, (int __user *)arg); return put_user(amount, (int __user *)arg);
} }
...@@ -2184,7 +2184,7 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait) ...@@ -2184,7 +2184,7 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
/* Check for false positives due to checksum errors */ /* Check for false positives due to checksum errors */
if ((mask & POLLRDNORM) && !(file->f_flags & O_NONBLOCK) && if ((mask & POLLRDNORM) && !(file->f_flags & O_NONBLOCK) &&
!(sk->sk_shutdown & RCV_SHUTDOWN) && !first_packet_length(sk)) !(sk->sk_shutdown & RCV_SHUTDOWN) && first_packet_length(sk) == -1)
mask &= ~(POLLIN | POLLRDNORM); mask &= ~(POLLIN | POLLRDNORM);
return mask; return mask;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment