From 3583fce0d7937bfbf9846928f5cd41e11b5e4538 Mon Sep 17 00:00:00 2001 From: Pavel Emelyanov Date: Mon, 29 Oct 2012 05:05:33 +0000 Subject: [PATCH] tcp-repair: Handle zero-length data put in rcv queue [ Upstream commit c454e6111d1ef4268fe98e87087216e51c2718c3 ] When sending data into a tcp socket in repair state we should check for the amount of data being 0 explicitly. Otherwise we'll have an skb with seq == end_seq in rcv queue, but tcp doesn't expect this to happen (in particular a warn_on in tcp_recvmsg shoots). Signed-off-by: Pavel Emelyanov Reported-by: Giorgos Mavrikas Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/tcp_input.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index d377f4854cb8..c92c4da4757d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -4556,6 +4556,9 @@ int tcp_send_rcvq(struct sock *sk, struct msghdr *msg, size_t size) struct tcphdr *th; bool fragstolen; + if (size == 0) + return 0; + skb = alloc_skb(size + sizeof(*th), sk->sk_allocation); if (!skb) goto err; -- 2.39.5