Commit f3dfd20860db3d0c400dd83a378176a28d3662db
Committed by
David S. Miller
David S. Miller
1 parent
6c821bd9ed
Exists in
smarc-imx_3.14.28_1.0.0_ga
and in
1 other branch
af_unix: fix bug on large send()
commit e370a723632 ("af_unix: improve STREAM behavior with fragmented memory") added a bug on large send() because the skb_copy_datagram_from_iovec() call always start from the beginning of iovec. We must instead use the @sent variable to properly skip the already processed part. Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
net/unix/af_unix.c
| ... | ... | @@ -1669,7 +1669,8 @@ |
| 1669 | 1669 | skb_put(skb, size - data_len); |
| 1670 | 1670 | skb->data_len = data_len; |
| 1671 | 1671 | skb->len = size; |
| 1672 | - err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, size); | |
| 1672 | + err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, | |
| 1673 | + sent, size); | |
| 1673 | 1674 | if (err) { |
| 1674 | 1675 | kfree_skb(skb); |
| 1675 | 1676 | goto out_err; |