提交 ac30ef83 编写于 作者: B Ben Pfaff 提交者: David S. Miller

netlink: Fix handling of error from netlink_dump().

netlink_dump() returns a negative errno value on error.  Until now,
netlink_recvmsg() directly recorded that negative value in sk->sk_err, but
that's wrong since sk_err takes positive errno values.  (This manifests as
userspace receiving a positive return value from the recv() system call,
falsely indicating success.) This bug was introduced in the commit that
started checking the netlink_dump() return value, commit b44d211e (netlink:
handle errors from netlink_dump()).

Multithreaded Netlink dumps are one way to trigger this behavior in
practice, as described in the commit message for the userspace workaround
posted here:
    http://openvswitch.org/pipermail/dev/2014-June/042339.html

This commit also fixes the same bug in netlink_poll(), introduced in commit
cd1df525 (netlink: add flow control for memory mapped I/O).
Signed-off-by: NBen Pfaff <blp@nicira.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 0a198587
...@@ -636,7 +636,7 @@ static unsigned int netlink_poll(struct file *file, struct socket *sock, ...@@ -636,7 +636,7 @@ static unsigned int netlink_poll(struct file *file, struct socket *sock,
while (nlk->cb_running && netlink_dump_space(nlk)) { while (nlk->cb_running && netlink_dump_space(nlk)) {
err = netlink_dump(sk); err = netlink_dump(sk);
if (err < 0) { if (err < 0) {
sk->sk_err = err; sk->sk_err = -err;
sk->sk_error_report(sk); sk->sk_error_report(sk);
break; break;
} }
...@@ -2483,7 +2483,7 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock, ...@@ -2483,7 +2483,7 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) {
ret = netlink_dump(sk); ret = netlink_dump(sk);
if (ret) { if (ret) {
sk->sk_err = ret; sk->sk_err = -ret;
sk->sk_error_report(sk); sk->sk_error_report(sk);
} }
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册