af_iucv: fix oops in iucv_sock_recvmsg() for MSG_PEEK flag
[mirror_ubuntu-eoan-kernel.git] / net / iucv / af_iucv.c
index 49e786535dc82aecf96b6eea4179864cdb0cee85..42b3be302c57fd6757f4d91f79cd459b11acfe1d 100644 (file)
@@ -172,6 +172,7 @@ static void iucv_sock_close(struct sock *sk)
                        err = iucv_sock_wait_state(sk, IUCV_CLOSED, 0, timeo);
                }
 
+       case IUCV_CLOSING:   /* fall through */
                sk->sk_state = IUCV_CLOSED;
                sk->sk_state_change(sk);
 
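Review bot: The `/* fall through */` marker sits on the new `case IUCV_CLOSING:` label itself, but the fall-through that needs marking is from the preceding case body (the one closed by the `}` above) into this label. Written this way it reads as if IUCV_CLOSING falls into a later case, and compilers that recognise fall-through comments generally expect them directly before the label. I would put `/* fall through */` on its own line above `case IUCV_CLOSING:` and leave the label bare. The switch in iucv_sock_close() starts and ends outside this hunk, so the cases before and after it are not visible here.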
@@ -224,6 +225,8 @@ static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
        spin_lock_init(&iucv_sk(sk)->message_q.lock);
        skb_queue_head_init(&iucv_sk(sk)->backlog_skb_q);
        iucv_sk(sk)->send_tag = 0;
+       iucv_sk(sk)->path = NULL;
+       memset(&iucv_sk(sk)->src_user_id , 0, 32);
 
        sk->sk_destruct = iucv_sock_destruct;
        sk->sk_sndtimeo = IUCV_CONN_TIMEOUT;
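Review bot: The added `memset(&iucv_sk(sk)->src_user_id , 0, 32);` hard-codes a length of 32 against the address of a single member. The struct definition is not visible in this hunk; if `src_user_id` is shorter than 32 bytes, the call clears neighbouring members too and depends on their order and padding never changing. A later layout change would then either leave stale bytes in the identity fields or zero something unrelated, with no compiler warning. Prefer `memset(iucv_sk(sk)->src_user_id, 0, sizeof(iucv_sk(sk)->src_user_id));`, repeated for each field meant to be cleared. If one call must cover several adjacent fields, add a comment naming them and a build-time size check.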
@@ -811,6 +814,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
 
        target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
 
+       /* receive/dequeue next skb:
+        * the function understands MSG_PEEK and, thus, does not dequeue skb */
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb) {
                if (sk->sk_shutdown & RCV_SHUTDOWN)
@@ -858,9 +863,7 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
                                iucv_process_message_q(sk);
                        spin_unlock_bh(&iucv->message_q.lock);
                }
-
-       } else
-               skb_queue_head(&sk->sk_receive_queue, skb);
+       }
 
 done:
        return err ? : copied;
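Review bot: With the `else skb_queue_head(...)` branch removed, the MSG_PEEK path now reaches `done:` without touching `skb` at all, so please confirm that the reference taken for a peeked skb is still released. As far as I know, skb_recv_datagram() bumps the skb's user count when MSG_PEEK is set rather than unlinking it. If that holds here, each peek would pin the buffer unless this path ends in a `kfree_skb(skb)` or `skb_free_datagram(sk, skb)`. The block closed by the new `}` begins outside this hunk, so whether such a release exists elsewhere in iucv_sock_recvmsg() cannot be checked from these lines. A short comment at the closing brace, for example `/* MSG_PEEK: skb stays on sk_receive_queue */`, would also record why nothing is requeued.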