Commit d31a56d2 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by Greg Kroah-Hartman

net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.

commit 3bc53be9db21040b5d2de4d455f023c8c494aa68 upstream.

syzbot is reporting stalls at nfc_llcp_send_ui_frame() [1]. This is
because nfc_llcp_send_ui_frame() is retrying the loop without any delay
when nonblocking nfc_alloc_send_skb() returned NULL.

Since there is no need to use MSG_DONTWAIT if we retry until
sock_alloc_send_pskb() succeeds, let's use blocking call.
Also, in case an unexpected error occurred, let's break the loop
if blocking nfc_alloc_send_skb() failed.

[1] default avatarTetsuo Handa <>
Reported-by: default avatarsyzbot <>
Signed-off-by: default avatarDavid S. Miller <>
Signed-off-by: default avatarGreg Kroah-Hartman <>
parent 863d5568
......@@ -753,11 +753,14 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
pr_debug("Fragment %zd bytes remaining %zd",
frag_len, remaining_len);
pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT,
pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, 0,
frag_len + LLCP_HEADER_SIZE, &err);
if (pdu == NULL) {
pr_err("Could not allocate PDU\n");
pr_err("Could not allocate PDU (error=%d)\n", err);
len -= remaining_len;
if (len == 0)
len = err;
pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI);
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment