From: Rainer Weikusat Date: Mon, 8 Feb 2016 18:47:19 +0000 (+0000) Subject: af_unix: Don't set err in unix_stream_read_generic unless there was an error X-Git-Tag: firefly_0821_release~176^2~475^2~388 X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=2f46f069ccfb28e6fdaa6798544fd30b72835b04;p=firefly-linux-kernel-4.4.55.git af_unix: Don't set err in unix_stream_read_generic unless there was an error [ Upstream commit 1b92ee3d03af6643df395300ba7748f19ecdb0c5 ] The present unix_stream_read_generic contains various code sequences of the form err = -EDISASTER; if () goto out; This has the unfortunate side effect of possibly causing the error code to bleed through to the final out: return copied ? : err; and then to be wrongly returned if no data was copied because the caller didn't supply a data buffer, as demonstrated by the program available at http://pad.lv/1540731 Change it such that err is only set if an error condition was detected. Fixes: 3822b5c2fc62 ("af_unix: Revert 'lock_interruptible' in stream receive code") Reported-by: Joseph Salisbury Signed-off-by: Rainer Weikusat Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 6de41c33a9db..265412c95d94 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -2270,13 +2270,15 @@ static int unix_stream_read_generic(struct unix_stream_read_state *state) size_t size = state->size; unsigned int last_len; - err = -EINVAL; - if (sk->sk_state != TCP_ESTABLISHED) + if (unlikely(sk->sk_state != TCP_ESTABLISHED)) { + err = -EINVAL; goto out; + } - err = -EOPNOTSUPP; - if (flags & MSG_OOB) + if (unlikely(flags & MSG_OOB)) { + err = -EOPNOTSUPP; goto out; + } target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); timeo = sock_rcvtimeo(sk, noblock); @@ -2322,9 +2324,11 @@ again: goto unlock; unix_state_unlock(sk); - err = -EAGAIN; - if (!timeo) + if (!timeo) { + err = -EAGAIN; break; + } + mutex_unlock(&u->readlock); timeo = unix_stream_data_wait(sk, timeo, last,