# This is a BitKeeper generated diff -Nru style patch. # # ChangeSet # 2004/03/15 19:42:55+01:00 marcel@holtmann.org # [Bluetooth] Fix non-blocking socket race conditions # # A poll on a non-blocking listen socket signals readable too early. The # first time the socket should be readable is if a child is in connected # state. And don't signal writeable if the socket is in config state. # # Noticed by Jean Tourrilhes # # net/bluetooth/af_bluetooth.c # 2004/03/15 19:42:15+01:00 marcel@holtmann.org +22 -5 # Fix non-blocking socket race conditions # diff -Nru a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c --- a/net/bluetooth/af_bluetooth.c Mon Mar 15 19:43:09 2004 +++ b/net/bluetooth/af_bluetooth.c Mon Mar 15 19:43:09 2004 @@ -218,15 +218,31 @@ return err ? : copied; } +static inline unsigned int bluez_accept_poll(struct sock *parent) +{ + struct list_head *p, *n; + struct sock *sk; + + list_for_each_safe(p, n, &bluez_pi(parent)->accept_q) { + sk = (struct sock *) list_entry(p, struct bluez_pinfo, accept_q); + if (sk->state == BT_CONNECTED) + return POLLIN | POLLRDNORM; + } + + return 0; +} + unsigned int bluez_sock_poll(struct file * file, struct socket *sock, poll_table *wait) { struct sock *sk = sock->sk; - unsigned int mask; + unsigned int mask = 0; BT_DBG("sock %p, sk %p", sock, sk); poll_wait(file, sk->sleep, wait); - mask = 0; + + if (sk->state == BT_LISTEN) + return bluez_accept_poll(sk); if (sk->err || !skb_queue_empty(&sk->error_queue)) mask |= POLLERR; @@ -235,16 +251,17 @@ mask |= POLLHUP; if (!skb_queue_empty(&sk->receive_queue) || - !list_empty(&bluez_pi(sk)->accept_q) || (sk->shutdown & RCV_SHUTDOWN)) mask |= POLLIN | POLLRDNORM; if (sk->state == BT_CLOSED) mask |= POLLHUP; - if (sk->state == BT_CONNECT || sk->state == BT_CONNECT2) + if (sk->state == BT_CONNECT || + sk->state == BT_CONNECT2 || + sk->state == BT_CONFIG) return mask; - + if (sock_writeable(sk)) mask |= POLLOUT | POLLWRNORM | POLLWRBAND; else