android_kernel_xiaomi_sm8350/net/ipv4
Dimitris Michailidis 9fa5fdf291 tcp: Fix length tcp_splice_data_recv passes to skb_splice_bits.
tcp_splice_data_recv has two lengths to consider: the len parameter it
gets from tcp_read_sock, which specifies the amount of data in the skb,
and rd_desc->count, which is the amount of data the splice caller still
wants.  Currently it passes just the latter to skb_splice_bits, which then
splices min(rd_desc->count, skb->len - offset) bytes.

Most of the time this is fine, except when the skb contains urgent data.
In that case len goes only up to the urgent byte and is less than
skb->len - offset.  By ignoring len tcp_splice_data_recv may a) splice
data tcp_read_sock told it not to, b) return to tcp_read_sock a value > len.

Now, tcp_read_sock doesn't handle used > len and leaves the socket in a
bad state (both sk_receive_queue and copied_seq are bad at that point)
resulting in duplicated data and corruption.

Fix by passing min(rd_desc->count, len) to skb_splice_bits.

Signed-off-by: Dimitris Michailidis <dm@chelsio.com>
Acked-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-01-26 22:15:31 -08:00
netfilter netfilter 06/09: nf_conntrack: fix ICMP/ICMPv6 timeout sysctls on big-endian 2009-01-12 21:18:35 -08:00
af_inet.c netns: igmp: allow IPPROTO_IGMP sockets in netns 2008-12-25 16:42:23 -08:00
ah4.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
arp.c ipv4: Fix ARP behavior with many mac-vlans 2008-11-16 19:19:38 -08:00
cipso_ipv4.c netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
datagram.c
devinet.c net: clean up net/ipv4/devinet.c 2008-11-03 02:48:48 -08:00
esp4.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
fib_frontend.c net: clean up net/ipv4/fib_frontend.c fib_hash.c ip_gre.c 2008-11-03 00:25:16 -08:00
fib_hash.c net: clean up net/ipv4/fib_frontend.c fib_hash.c ip_gre.c 2008-11-03 00:25:16 -08:00
fib_lookup.h
fib_rules.c
fib_semantics.c net: clean up net/ipv4/ah4.c esp4.c fib_semantics.c inet_connection_sock.c inetpeer.c ip_output.c 2008-11-03 00:23:42 -08:00
fib_trie.c net: replace NIPQUAD() in net/ipv4/ net/ipv6/ 2008-10-31 00:53:57 -07:00
icmp.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
igmp.c netns: igmp: make /proc/net/{igmp,mcfilter} per netns 2008-12-25 16:42:51 -08:00
inet_connection_sock.c net: Fix percpu counters deadlock 2008-12-29 23:04:08 -08:00
inet_diag.c net: Convert TCP/DCCP listening hash tables to use RCU 2008-11-23 17:22:55 -08:00
inet_fragment.c
inet_hashtables.c net: Make sure BHs are disabled in sock_prot_inuse_add() 2008-11-24 00:09:29 -08:00
inet_lro.c include/net net/ - csum_partial - remove unnecessary casts 2008-11-19 15:44:53 -08:00
inet_timewait_sock.c net: convert TCP/DCCP ehash rwlocks to spinlocks 2008-11-20 20:39:09 -08:00
inetpeer.c net: clean up net/ipv4/ah4.c esp4.c fib_semantics.c inet_connection_sock.c inetpeer.c ip_output.c 2008-11-03 00:23:42 -08:00
ip_forward.c net: reduce structures when XFRM=n 2008-10-28 13:24:06 -07:00
ip_fragment.c net: '&' redux 2008-11-03 18:21:05 -08:00
ip_gre.c net: fix tunnels in netns after ndo_ changes 2008-11-23 17:26:26 -08:00
ip_input.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-18 23:38:23 -08:00
ip_options.c
ip_output.c net: avoid a pair of dst_hold()/dst_release() in ip_push_pending_frames() 2008-11-24 16:07:50 -08:00
ip_sockglue.c net: ip_sockglue.c add static, annotate ports' endianness 2008-11-20 01:54:27 -08:00
ipcomp.c netns xfrm: state lookup in netns 2008-11-25 17:30:50 -08:00
ipconfig.c net: replace NIPQUAD() in net/ipv4/ net/ipv6/ 2008-10-31 00:53:57 -07:00
ipip.c net: fix tunnels in netns after ndo_ changes 2008-11-23 17:26:26 -08:00
ipmr.c ipmr: merge common code 2008-12-16 01:15:11 -08:00
Kconfig
Makefile
netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
proc.c net: Fix percpu counters deadlock 2008-12-29 23:04:08 -08:00
protocol.c
raw.c net: avoid a pair of dst_hold()/dst_release() in ip_append_data() 2008-11-24 15:52:46 -08:00
route.c cpumask: prepare for iterators to only go to nr_cpu_ids/nr_cpumask_bits: net 2008-12-29 22:44:47 -08:00
syncookies.c
sysctl_net_ipv4.c net: '&' redux 2008-11-03 18:21:05 -08:00
tcp_bic.c
tcp_cong.c
tcp_cubic.c [TCP] CUBIC v2.3 2008-11-02 00:28:10 -07:00
tcp_diag.c net: inet_diag_handler structs can be const 2008-11-19 15:43:27 -08:00
tcp_highspeed.c
tcp_htcp.c tcp_htcp: last_cong bug fix 2008-11-12 01:41:09 -08:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c net_dma: convert to dma_find_channel 2009-01-06 11:38:15 -07:00
tcp_ipv4.c net_dma: convert to dma_find_channel 2009-01-06 11:38:15 -07:00
tcp_lp.c
tcp_minisocks.c net: clean up net/ipv4/ipip.c raw.c tcp.c tcp_minisocks.c tcp_yeah.c xfrm4_policy.c 2008-11-03 00:24:34 -08:00
tcp_output.c tcp: Always set urgent pointer if it's beyond snd_nxt 2008-12-25 17:12:58 -08:00
tcp_probe.c net: replace NIPQUAD() in net/ipv4/ net/ipv6/ 2008-10-31 00:53:57 -07:00
tcp_scalable.c
tcp_timer.c tcp: Stop scaring users with "treason uncloaked!" 2008-12-18 22:27:42 -08:00
tcp_vegas.c tcp: tcp_vegas cong avoid fix 2008-12-09 00:13:04 -08:00
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c net: clean up net/ipv4/ipip.c raw.c tcp.c tcp_minisocks.c tcp_yeah.c xfrm4_policy.c 2008-11-03 00:24:34 -08:00
tcp.c tcp: Fix length tcp_splice_data_recv passes to skb_splice_bits. 2009-01-26 22:15:31 -08:00
tunnel4.c
udp_impl.h udp: introduce struct udp_table and multiple spinlocks 2008-10-29 01:41:45 -07:00
udp.c udp: optimize bind(0) if many ports are in use 2009-01-26 21:35:35 -08:00
udplite.c udp: RCU handling for Unicast packets. 2008-10-29 02:11:14 -07:00
xfrm4_input.c ipsec: Remove useless ret variable 2008-12-26 01:31:18 -08:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c netns xfrm: ->get_saddr in netns 2008-11-25 17:56:49 -08:00
xfrm4_state.c xfrm: remove useless forward declarations 2008-11-25 01:05:54 -08:00
xfrm4_tunnel.c