diff options
author | Florian Westphal <fw@strlen.de> | 2020-08-16 23:14:20 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2020-08-16 21:11:37 -0700 |
commit | b3b2854dcf704c1db05d897072f98e8b79398af1 (patch) | |
tree | 820241533efd4555882da00f2fefd68fb14318b7 /net | |
parent | bd71ea60673180eccf17b1a1dda3504a04783789 (diff) | |
download | lwn-b3b2854dcf704c1db05d897072f98e8b79398af1.tar.gz lwn-b3b2854dcf704c1db05d897072f98e8b79398af1.zip |
mptcp: sendmsg: reset iter on error redux
This fix wasn't correct: When this function is invoked from the
retransmission worker, the iterator contains garbage and resetting
it causes a crash.
As the work queue should not be performance critical also zero the
msghdr struct.
Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)"
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/mptcp/protocol.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index c84b4051c2a4..1aad411a0e46 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, ret = do_tcp_sendpages(ssk, page, offset, psize, msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT); if (ret <= 0) { - iov_iter_revert(&msg->msg_iter, psize); + if (!retransmission) + iov_iter_revert(&msg->msg_iter, psize); return ret; } @@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work) struct mptcp_data_frag *dfrag; u64 orig_write_seq; size_t copied = 0; - struct msghdr msg; + struct msghdr msg = { + .msg_flags = MSG_DONTWAIT, + }; long timeo = 0; lock_sock(sk); @@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work) lock_sock(ssk); - msg.msg_flags = MSG_DONTWAIT; orig_len = dfrag->data_len; orig_offset = dfrag->offset; orig_write_seq = dfrag->data_seq; |