llc: Fix race condition in llc_ui_recvmsg (56ac11cf) · Commits · e / devices / android_kernel_fairphone_FP3

net/llc/af_llc.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -713,6 +713,7 @@ static int llc_ui_recvmsg(struct kiocb iocb, struct socket sock,
		struct sk_buff *skb = NULL;
		struct sock *sk = sock->sk;
		struct llc_sock *llc = llc_sk(sk);
		unsigned long cpu_flags;
		size_t copied = 0;
		u32 peek_seq = 0;
		u32 *seq;
		@@ -838,7 +839,9 @@ static int llc_ui_recvmsg(struct kiocb iocb, struct socket sock,
		goto copy_uaddr;

		if (!(flags & MSG_PEEK)) {
		spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags);
		sk_eat_skb(sk, skb, 0);
		spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags);
		*seq = 0;
		}

		@@ -859,7 +862,9 @@ static int llc_ui_recvmsg(struct kiocb iocb, struct socket sock,
		llc_cmsg_rcv(msg, skb);

		if (!(flags & MSG_PEEK)) {
		spin_lock_irqsave(&sk->sk_receive_queue.lock, cpu_flags);
		sk_eat_skb(sk, skb, 0);
		spin_unlock_irqrestore(&sk->sk_receive_queue.lock, cpu_flags);
		*seq = 0;
		}