Commit a6736a0a authored Jun 11, 2024 by Rao Shoaib Committed by Jakub Kicinski Jun 13, 2024

af_unix: Read with MSG_PEEK loops if the first unread byte is OOB



Read with MSG_PEEK flag loops if the first byte to read is an OOB byte.
commit 22dd70eb ("af_unix: Don't peek OOB data without MSG_OOB.")
addresses the loop issue but does not address the issue that no data
beyond OOB byte can be read.

>>> from socket import *
>>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM)
>>> c1.send(b'a', MSG_OOB)
1
>>> c1.send(b'b')
1
>>> c2.recv(1, MSG_PEEK | MSG_DONTWAIT)
b'b'

>>> from socket import *
>>> c1, c2 = socketpair(AF_UNIX, SOCK_STREAM)
>>> c2.setsockopt(SOL_SOCKET, SO_OOBINLINE, 1)
>>> c1.send(b'a', MSG_OOB)
1
>>> c1.send(b'b')
1
>>> c2.recv(1, MSG_PEEK | MSG_DONTWAIT)
b'a'
>>> c2.recv(1, MSG_PEEK | MSG_DONTWAIT)
b'a'
>>> c2.recv(1, MSG_DONTWAIT)
b'a'
>>> c2.recv(1, MSG_PEEK | MSG_DONTWAIT)
b'b'
>>>

Fixes: 314001f0 ("af_unix: Add OOB support")
Signed-off-by: Rao Shoaib <Rao.Shoaib@oracle.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20240611084639.2248934-1-Rao.Shoaib@oracle.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 7d9df38c

net/unix/af_unix.c

+9 −9

Original line number	Diff line number	Diff line
		@@ -2625,19 +2625,19 @@ static struct sk_buff manage_oob(struct sk_buff skb, struct sock *sk,
		if (skb == u->oob_skb) {
		if (copied) {
		skb = NULL;
		} else if (sock_flag(sk, SOCK_URGINLINE)) {
		if (!(flags & MSG_PEEK)) {
		} else if (!(flags & MSG_PEEK)) {
		if (sock_flag(sk, SOCK_URGINLINE)) {
		WRITE_ONCE(u->oob_skb, NULL);
		consume_skb(skb);
		}
		} else if (flags & MSG_PEEK) {
		skb = NULL;
		} else {
		__skb_unlink(skb, &sk->sk_receive_queue);
		WRITE_ONCE(u->oob_skb, NULL);
		unlinked_skb = skb;
		skb = skb_peek(&sk->sk_receive_queue);
		}
		} else if (!sock_flag(sk, SOCK_URGINLINE)) {
		skb = skb_peek_next(skb, &sk->sk_receive_queue);
		}
		}

		spin_unlock(&sk->sk_receive_queue.lock);