From: Miklos Szeredi <[EMAIL PROTECTED]> Date: Tue, 05 Jun 2007 09:42:41 +0200
> From: Miklos Szeredi <[EMAIL PROTECTED]> > > A recv() on an AF_UNIX, SOCK_STREAM socket can race with a > send()+close() on the peer, causing recv() to return zero, even though > the sent data should be received. > > This happens if the send() and the close() is performed between > skb_dequeue() and checking sk->sk_shutdown in unix_stream_recvmsg(): > > process A skb_dequeue() returns NULL, there's no data in the socket queue > process B new data is inserted onto the queue by unix_stream_sendmsg() > process B sk->sk_shutdown is set to SHUTDOWN_MASK by unix_release_sock() > process A sk->sk_shutdown is checked, unix_release_sock() returns zero > > I'm surprised nobody noticed this, it's not hard to trigger. Maybe > it's just (un)luck with the timing. > > It's possible to work around this bug in userspace, by retrying the > recv() once in case of a zero return value. > > Signed-off-by: Miklos Szeredi <[EMAIL PROTECTED]> Looks good, applied. Another way to fix this would have been to take the u->readlock in unix_release() and unix_shutdown(), but that would have hurt unix_dgram_recvmsg() which doesn't need to handle this race. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/