mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-17 02:36:21 +00:00
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
syzbot is reporting stalls at nfc_llcp_send_ui_frame() [1]. This is because nfc_llcp_send_ui_frame() is retrying the loop without any delay when nonblocking nfc_alloc_send_skb() returned NULL. Since there is no need to use MSG_DONTWAIT if we retry until sock_alloc_send_pskb() succeeds, let's use blocking call. Also, in case an unexpected error occurred, let's break the loop if blocking nfc_alloc_send_skb() failed. [1] https://syzkaller.appspot.com/bug?id=4a131cc571c3733e0eff6bc673f4e36ae48f19c6 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+d29d18215e477cfbfbdd@syzkaller.appspotmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
83ed7d1fe2
commit
3bc53be9db
@ -752,11 +752,14 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
|
||||
pr_debug("Fragment %zd bytes remaining %zd",
|
||||
frag_len, remaining_len);
|
||||
|
||||
pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT,
|
||||
pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, 0,
|
||||
frag_len + LLCP_HEADER_SIZE, &err);
|
||||
if (pdu == NULL) {
|
||||
pr_err("Could not allocate PDU\n");
|
||||
continue;
|
||||
pr_err("Could not allocate PDU (error=%d)\n", err);
|
||||
len -= remaining_len;
|
||||
if (len == 0)
|
||||
len = err;
|
||||
break;
|
||||
}
|
||||
|
||||
pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI);
|
||||
|
Loading…
x
Reference in New Issue
Block a user