From 3c25ed439a2e6bd08c606c3a24c60805aa98e08b Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Sat, 13 Feb 2016 00:55:52 +0000
Subject: [PATCH] af_unix: Don't set err in unix_stream_read_generic unless there was an error

This fixes a regression in 4.4, also introduced in 4.3.4 and various other stable updates.
---
 debian/changelog | 2 +
 ...ad_generic-unless-there-was-an-error.patch | 65 +++++++++++++++++++
 debian/patches/series | 1 +
 3 files changed, 68 insertions(+)
 create mode 100644 debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch

diff --git a/debian/changelog b/debian/changelog
index 53349da57..617cac962 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ linux (4.4.1-1) UNRELEASED; urgency=medium
 (regression in 4.2.6-2)
 * Revert "workqueue: make sure delayed work run in local cpu"
 (regression in 4.3)
+ * af_unix: Don't set err in unix_stream_read_generic unless there was an error
+ (regression in 4.4, 4.3.4)
 
 -- Ben Hutchings Fri, 12 Feb 2016 23:34:23 +0000
 
diff --git a/debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch b/debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch
new file mode 100644
index 000000000..3eec17f72
--- /dev/null
+++ b/debian/patches/bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch
@@ -0,0 +1,65 @@
+From: Rainer Weikusat
+Date: Mon, 08 Feb 2016 18:47:19 +0000
+Subject: af_unix: Don't set err in unix_stream_read_generic unless there was an error
+Origin: http://mid.gmane.org/87bn7rrqdk.fsf@doppelsaurus.mobileactivedefense.com
+
+The present unix_stream_read_generic contains various code sequences of
+the form
+
+err = -EDISASTER;
+if ()
+ goto out;
+
+This has the unfortunate side effect of possibly causing the error code
+to bleed through to the final
+
+out:
+ return copied ? : err;
+
+and then to be wrongly returned if no data was copied because the caller
+didn't supply a data buffer, as demonstrated by the program available at
+
+http://pad.lv/1540731
+
+Change it such that err is only set if an error condition was detected.
+
+Fixes: 3822b5c2fc62 ("af_unix: Revert 'lock_interruptible' in stream receive code")
+Reported-by: Joseph Salisbury
+Signed-off-by: Rainer Weikusat
+---
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -2275,13 +2275,15 @@ static int unix_stream_read_generic(stru
+ size_t size = state->size;
+ unsigned int last_len;
+
+- err = -EINVAL;
+- if (sk->sk_state != TCP_ESTABLISHED)
++ if (unlikely(sk->sk_state != TCP_ESTABLISHED)) {
++ err = -EINVAL;
+ goto out;
++ }
+
+- err = -EOPNOTSUPP;
+- if (flags & MSG_OOB)
++ if (unlikely(flags & MSG_OOB)) {
++ err = -EOPNOTSUPP;
+ goto out;
++ }
+
+ target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
+ timeo = sock_rcvtimeo(sk, noblock);
+@@ -2327,9 +2329,11 @@ again:
+ goto unlock;
+
+ unix_state_unlock(sk);
+- err = -EAGAIN;
+- if (!timeo)
++ if (!timeo) {
++ err = -EAGAIN;
+ break;
++ }
++
+ mutex_unlock(&u->readlock);
+
+ timeo = unix_stream_data_wait(sk, timeo, last,
diff --git a/debian/patches/series b/debian/patches/series
index ae6e0cc30..f2c331957 100644
--- a/debian/patches/series
+++ b/debian/patches/series
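Review bot: In the embedded net/unix/af_unix.c patch, removing the unconditional `err = -E...` assignments makes the final `return copied ? : err;` (quoted in the description) depend entirely on how `err` is initialised, and that declaration lies outside the visible context of `unix_stream_read_generic`. Before carrying this backport, confirm the target tree declares it as `int err = 0;`; if it does not, a zero-length read that takes none of the three guarded paths would hand an indeterminate value back to the caller. The description speaks of "various" such sequences while only three are converted here, so any remaining `err = -E...; if (...) goto ...;` pairs elsewhere in the function deserve the same check. A short comment at the `out:` label, for example `/* err stays 0 unless an error was detected; it is returned when copied == 0 */`, would document the invariant this fix restores.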
@@ -121,3 +121,4 @@ bugfix/all/iw_cxgb3-Fix-incorrectly-returning-error-on-success.patch
 bugfix/all/fs-hugetlbfs-inode.c-fix-bugs-in-hugetlb_vmtruncate_.patch
 bugfix/all/af_unix-guard-against-other-sk-in-unix_dgram_sendmsg.patch
 bugfix/all/revert-workqueue-make-sure-delayed-work-run-in-local-cpu.patch
+bugfix/all/af_unix-don-t-set-err-in-unix_stream_read_generic-unless-there-was-an-error.patch