Jayachandran C. <[EMAIL PROTECTED]> wrote:
>
> diff -ur linux-2.6.15-rc3-git1.clean/net/ipv4/udp.c
> linux-2.6.15-rc3-git1/net/ipv4/udp.c
> --- linux-2.6.15-rc3-git1.clean/net/ipv4/udp.c Wed Nov 30 21:55:27 2005
> +++ linux-2.6.15-rc3-git1/net/ipv4/udp.c Thu Dec 1 05:23:40 2005
> @@ -848,15 +848,11 @@
>
> /* Clear queue. */
> if (flags&MSG_PEEK) {
> - int clear = 0;
> spin_lock_bh(&sk->sk_receive_queue.lock);
> if (skb == skb_peek(&sk->sk_receive_queue)) {
> __skb_unlink(skb, &sk->sk_receive_queue);
> - clear = 1;
> }
> spin_unlock_bh(&sk->sk_receive_queue.lock);
> - if (clear)
> - kfree_skb(skb);
> }
>
> skb_free_datagram(sk, skb);
This is wrong. If we're peeking, we've incremented the refcount of the
skb without taking it off the list. So if it isn't on the list anymore,
we should simply drop our reference. If it's still on the list, we need
to drop our reference twice which is what this code is trying to do.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
