virtio/vsock: don't drop skbuff on copy failure

commit 8daaf39f7f6ef53a11817f6a11ec104016c3545f upstream.

This returns behaviour of SOCK_STREAM read as before skbuff usage. When
copying to user fails current skbuff won't be dropped, but returned to
sockets's queue. Technically instead of 'skb_dequeue()', 'skb_peek()' is
called and when skbuff becomes empty, it is removed from queue by
'__skb_unlink()'.

Fixes: 71dc9ec9ac7d ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Bobby Eshleman <bobby.eshleman@bytedance.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
index 2edda404eb205221135df75a30f023dc86dbd618..2b5ca5f18483697adbc24a4179ad63a6b4b847df 100644 (file)
--- a/net/vmw_vsock/virtio_transport_common.c
+++ b/net/vmw_vsock/virtio_transport_common.c
@@ -364,7 +364,7 @@ virtio_transport_stream_do_dequeue(struct vsock_sock *vsk,
 
        spin_lock_bh(&vvs->rx_lock);
        while (total < len && !skb_queue_empty(&vvs->rx_queue)) {
-               skb = __skb_dequeue(&vvs->rx_queue);
+               skb = skb_peek(&vvs->rx_queue);
 
                bytes = len - total;
                if (bytes > skb->len)
@@ -388,9 +388,8 @@ virtio_transport_stream_do_dequeue(struct vsock_sock *vsk,
                        u32 pkt_len = le32_to_cpu(virtio_vsock_hdr(skb)->len);
 
                        virtio_transport_dec_rx_pkt(vvs, pkt_len);
+                       __skb_unlink(skb, &vvs->rx_queue);
                        consume_skb(skb);
-               } else {
-                       __skb_queue_head(&vvs->rx_queue, skb);
                }
        }