Commit b3b2854d authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller

mptcp: sendmsg: reset iter on error redux

This fix wasn't correct: When this function is invoked from the
retransmission worker, the iterator contains garbage and resetting
it causes a crash.

As the work queue should not be performance critical also zero the
msghdr struct.

Fixes: 35759383 "(mptcp: sendmsg: reset iter on error)"
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent bd71ea60
...@@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, ...@@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
ret = do_tcp_sendpages(ssk, page, offset, psize, ret = do_tcp_sendpages(ssk, page, offset, psize,
msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT); msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT);
if (ret <= 0) { if (ret <= 0) {
iov_iter_revert(&msg->msg_iter, psize); if (!retransmission)
iov_iter_revert(&msg->msg_iter, psize);
return ret; return ret;
} }
...@@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work) ...@@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work)
struct mptcp_data_frag *dfrag; struct mptcp_data_frag *dfrag;
u64 orig_write_seq; u64 orig_write_seq;
size_t copied = 0; size_t copied = 0;
struct msghdr msg; struct msghdr msg = {
.msg_flags = MSG_DONTWAIT,
};
long timeo = 0; long timeo = 0;
lock_sock(sk); lock_sock(sk);
...@@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work) ...@@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work)
lock_sock(ssk); lock_sock(ssk);
msg.msg_flags = MSG_DONTWAIT;
orig_len = dfrag->data_len; orig_len = dfrag->data_len;
orig_offset = dfrag->offset; orig_offset = dfrag->offset;
orig_write_seq = dfrag->data_seq; orig_write_seq = dfrag->data_seq;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment