Message ID | 20200816211420.7337-1-fw@strlen.de |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net] mptcp: sendmsg: reset iter on error redux | expand |
From: Florian Westphal <fw@strlen.de> Date: Sun, 16 Aug 2020 23:14:20 +0200 > This fix wasn't correct: When this function is invoked from the > retransmission worker, the iterator contains garbage and resetting > it causes a crash. > > As the work queue should not be performance critical also zero the > msghdr struct. > > Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)" > Signed-off-by: Florian Westphal <fw@strlen.de> Applied, thanks.
On Sun, 16 Aug 2020 23:14:20 +0200 Florian Westphal wrote: > This fix wasn't correct: When this function is invoked from the > retransmission worker, the iterator contains garbage and resetting > it causes a crash. > > As the work queue should not be performance critical also zero the > msghdr struct. > > Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)" > Signed-off-by: Florian Westphal <fw@strlen.de> Fixes tag: Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)" Has these problem(s): - Subject does not match target commit subject Just use git log -1 --format='Fixes: %h ("%s")'
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 2499757bf899..f6561d126110 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk, ret = do_tcp_sendpages(ssk, page, offset, psize, msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT); if (ret <= 0) { - iov_iter_revert(&msg->msg_iter, psize); + if (!retransmission) + iov_iter_revert(&msg->msg_iter, psize); return ret; } @@ -1391,7 +1392,9 @@ static void mptcp_worker(struct work_struct *work) struct mptcp_data_frag *dfrag; u64 orig_write_seq; size_t copied = 0; - struct msghdr msg; + struct msghdr msg = { + .msg_flags = MSG_DONTWAIT, + }; long timeo = 0; lock_sock(sk); @@ -1424,7 +1427,6 @@ static void mptcp_worker(struct work_struct *work) lock_sock(ssk); - msg.msg_flags = MSG_DONTWAIT; orig_len = dfrag->data_len; orig_offset = dfrag->offset; orig_write_seq = dfrag->data_seq;
This fix wasn't correct: When this function is invoked from the retransmission worker, the iterator contains garbage and resetting it causes a crash. As the work queue should not be performance critical also zero the msghdr struct. Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)" Signed-off-by: Florian Westphal <fw@strlen.de> --- Brown paper bag patch. I will see if having distinct functions for the mtcp_sendmsg and retransmit wq case is feasible/more appropriate. net/mptcp/protocol.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)