Commit 09e14305 authored by David S. Miller's avatar David S. Miller Committed by David S. Miller

[NETLINK]: Fix infinite loops in synchronous netlink changes.

The qlen should continue to decrement, even if we
pop partially processed SKBs back onto the receive queue.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 2a0a6ebe
...@@ -626,14 +626,13 @@ static void rtnetlink_rcv(struct sock *sk, int len) ...@@ -626,14 +626,13 @@ static void rtnetlink_rcv(struct sock *sk, int len)
if (qlen > skb_queue_len(&sk->sk_receive_queue)) if (qlen > skb_queue_len(&sk->sk_receive_queue))
qlen = skb_queue_len(&sk->sk_receive_queue); qlen = skb_queue_len(&sk->sk_receive_queue);
while (qlen--) { for (; qlen; qlen--) {
skb = skb_dequeue(&sk->sk_receive_queue); skb = skb_dequeue(&sk->sk_receive_queue);
if (rtnetlink_rcv_skb(skb)) { if (rtnetlink_rcv_skb(skb)) {
if (skb->len) { if (skb->len)
skb_queue_head(&sk->sk_receive_queue, skb_queue_head(&sk->sk_receive_queue,
skb); skb);
qlen++; else
} else
kfree_skb(skb); kfree_skb(skb);
break; break;
} }
......
...@@ -121,7 +121,7 @@ static void dnrmg_receive_user_sk(struct sock *sk, int len) ...@@ -121,7 +121,7 @@ static void dnrmg_receive_user_sk(struct sock *sk, int len)
struct sk_buff *skb; struct sk_buff *skb;
unsigned int qlen = skb_queue_len(&sk->sk_receive_queue); unsigned int qlen = skb_queue_len(&sk->sk_receive_queue);
while (qlen-- && (skb = skb_dequeue(&sk->sk_receive_queue))) { for (; qlen && (skb = skb_dequeue(&sk->sk_receive_queue)); qlen--) {
dnrmg_receive_user_skb(skb); dnrmg_receive_user_skb(skb);
kfree_skb(skb); kfree_skb(skb);
} }
......
...@@ -1018,14 +1018,13 @@ static void xfrm_netlink_rcv(struct sock *sk, int len) ...@@ -1018,14 +1018,13 @@ static void xfrm_netlink_rcv(struct sock *sk, int len)
if (qlen > skb_queue_len(&sk->sk_receive_queue)) if (qlen > skb_queue_len(&sk->sk_receive_queue))
qlen = skb_queue_len(&sk->sk_receive_queue); qlen = skb_queue_len(&sk->sk_receive_queue);
while (qlen--) { for (; qlen; qlen--) {
skb = skb_dequeue(&sk->sk_receive_queue); skb = skb_dequeue(&sk->sk_receive_queue);
if (xfrm_user_rcv_skb(skb)) { if (xfrm_user_rcv_skb(skb)) {
if (skb->len) { if (skb->len)
skb_queue_head(&sk->sk_receive_queue, skb_queue_head(&sk->sk_receive_queue,
skb); skb);
qlen++; else
} else
kfree_skb(skb); kfree_skb(skb);
break; break;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment