mptcp: sendmsg: reset iter on error redux

This fix wasn't correct: When this function is invoked from the retransmission worker, the iterator contains garbage and resetting it causes a crash. As the work queue should not be performance critical also zero the msghdr struct. Fixes: 3575938313 "(mptcp: sendmsg: reset iter on error)" Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2020-08-16 23:14:20 +02:00 · 2020-08-16 23:14:20 +02:00 · b3b2854dcf
commit b3b2854dcf
parent bd71ea6067
1 changed files with 5 additions and 3 deletions
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
 	ret = do_tcp_sendpages(ssk, page, offset, psize,
 			       msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT);
 	if (ret <= 0) {
-		iov_iter_revert(&msg->msg_iter, psize);
+		if (!retransmission)
+			iov_iter_revert(&msg->msg_iter, psize);
 		return ret;
 	}

@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work)
 	struct mptcp_data_frag *dfrag;
 	u64 orig_write_seq;
 	size_t copied = 0;
-	struct msghdr msg;
+	struct msghdr msg = {
+		.msg_flags = MSG_DONTWAIT,
+	};
 	long timeo = 0;

 	lock_sock(sk);
@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work)

 	lock_sock(ssk);

-	msg.msg_flags = MSG_DONTWAIT;
 	orig_len = dfrag->data_len;
 	orig_offset = dfrag->offset;
 	orig_write_seq = dfrag->data_seq;