From patchwork Tue Sep 23 09:55:42 2008
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: : tcp: Fix queue traversal in tcp_use_frto().
Date: Mon, 22 Sep 2008 23:55:42 -0000
From: David Miller <davem@davemloft.net>
X-Patchwork-Id: 1045
Message-Id: <20080923.025542.193703353.davem@davemloft.net>
To: netdev@vger.kernel.org

One more skb_queue_next() BUG trigger.  I double audited the
remaining tcp_write_queue_next() cases and they should all
be good.

tcp: Fix queue traversal in tcp_use_frto().

We must check tcp_skb_is_last() before doing a tcp_write_queue_next().

Signed-off-by: David S. Miller <davem@davemloft.net>

---
net/ipv4/tcp_input.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index cbfe13d..3b76bce 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1746,6 +1746,8 @@ int tcp_use_frto(struct sock *sk)
 		return 0;
 
 	skb = tcp_write_queue_head(sk);
+	if (tcp_skb_is_last(sk, skb))
+		return 1;
 	skb = tcp_write_queue_next(sk, skb);	/* Skips head */
 	tcp_for_write_queue_from(skb, sk) {
 		if (skb == tcp_send_head(sk))