aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-10-03 14:35:49 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-10-04 00:31:00 -0700
commit1e0c14f49d6b393179f423abbac47f85618d3d46 (patch)
tree9d789c9e4988f96a2da35506f12aeeb5b945432d
parent132a55f3c5c0b1a364d32f65595ad8838c30a60e (diff)
downloadkernel_samsung_smdk4412-1e0c14f49d6b393179f423abbac47f85618d3d46.tar.gz
kernel_samsung_smdk4412-1e0c14f49d6b393179f423abbac47f85618d3d46.tar.bz2
kernel_samsung_smdk4412-1e0c14f49d6b393179f423abbac47f85618d3d46.zip
[UDP]: Fix MSG_PROBE crash
UDP tracks corking status through the pending variable. The IP layer also tracks it through the socket write queue. It is possible for the two to get out of sync when MSG_PROBE is used. This patch changes UDP to check the write queue to ensure that the two stay in sync. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/udp.c2
-rw-r--r--net/ipv6/udp.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 6d6142f9c47..865d75214a9 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -675,6 +675,8 @@ do_append_data:
udp_flush_pending_frames(sk);
else if (!corkreq)
err = udp_push_pending_frames(sk, up);
+ else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
+ up->pending = 0;
release_sock(sk);
out:
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 552ec0f449a..e0c3934a7e4 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -770,6 +770,8 @@ do_append_data:
udp_v6_flush_pending_frames(sk);
else if (!corkreq)
err = udp_v6_push_pending_frames(sk, up);
+ else if (unlikely(skb_queue_empty(&sk->sk_write_queue)))
+ up->pending = 0;
if (dst) {
if (connected) {