authorFlorian Westphal <fw@strlen.de>2020-08-16 23:14:20 +0200
committerDavid S. Miller <davem@davemloft.net>2020-08-17 06:11:37 +0200
commitb3b2854dcf704c1db05d897072f98e8b79398af1 (patch)
tree820241533efd4555882da00f2fefd68fb14318b7
parentnet: devlink: Remove overzealous WARN_ON with snapshots (diff)
mptcp: sendmsg: reset iter on error redux
This fix wasn't correct: When this function is invoked from the retransmission worker, the iterator contains garbage and resetting it causes a crash.

As the work queue should not be performance critical, also zero the msghdr struct.

Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)"
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/mptcp/protocol.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index c84b4051c2a4..1aad411a0e46 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
ret = do_tcp_sendpages(ssk, page, offset, psize,
msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT);
if (ret <= 0) {
- iov_iter_revert(&msg->msg_iter, psize);
+ if (!retransmission)
+ iov_iter_revert(&msg->msg_iter, psize);
return ret;
}
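Review bot: The new `if (!retransmission)` guard in mptcp_sendmsg_frag has no comment saying why the revert is skipped, and the reason is not visible at this call site: per the commit message, the retransmission worker passes a msghdr whose iterator was never set up, so `iov_iter_revert()` on it operated on garbage. I would add above the guard `/* retransmit: payload comes from dfrag, msg->msg_iter is not a live iterator and must not be reverted */`. `retransmission` is declared outside this hunk, so presumably it is derived from the dfrag argument; it is worth confirming it can never be false when the worker is the caller. The same one-line remark would fit at the zero-initialised `struct msghdr msg` in mptcp_worker, which after this change appears to carry only `msg_flags`.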
@@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work)
struct mptcp_data_frag *dfrag;
u64 orig_write_seq;
size_t copied = 0;
- struct msghdr msg;
+ struct msghdr msg = {
+ .msg_flags = MSG_DONTWAIT,
+ };
long timeo = 0;
lock_sock(sk);
@@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work)
lock_sock(ssk);
- msg.msg_flags = MSG_DONTWAIT;
orig_len = dfrag->data_len;
orig_offset = dfrag->offset;
orig_write_seq = dfrag->data_seq;