mptcp: sendmsg: reset iter on error redux (b3b2854d) · Commits · 戴 / test

This fix wasn't correct: When this function is invoked from the retransmission worker, the iterator contains garbage and resetting it causes a crash. As the work queue should not be performance critical also zero the msghdr struct. Fixes: "(mptcp: sendmsg: reset iter on error)" Signed-off-by:

Florian Westphal <fw@strlen.de> Signed-off-by:

David S. Miller <davem@davemloft.net>

net/mptcp/protocol.c

+5 −3

Original line number	Diff line number	Diff line
		@@ -740,6 +740,7 @@ static int mptcp_sendmsg_frag(struct sock sk, struct sock ssk,
		ret = do_tcp_sendpages(ssk, page, offset, psize,
		msg->msg_flags \| MSG_SENDPAGE_NOTLAST \| MSG_DONTWAIT);
		if (ret <= 0) {
		if (!retransmission)
		iov_iter_revert(&msg->msg_iter, psize);
		return ret;
		}
		@@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work)
		struct mptcp_data_frag *dfrag;
		u64 orig_write_seq;
		size_t copied = 0;
		struct msghdr msg;
		struct msghdr msg = {
		.msg_flags = MSG_DONTWAIT,
		};
		long timeo = 0;

		lock_sock(sk);
		@@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work)

		lock_sock(ssk);

		msg.msg_flags = MSG_DONTWAIT;
		orig_len = dfrag->data_len;
		orig_offset = dfrag->offset;
		orig_write_seq = dfrag->data_seq;

Admin message