mptcp: sendmsg: reset iter on error redux

This fix wasn't correct: When this function is invoked from the
retransmission worker, the iterator contains garbage and resetting
it causes a crash.

As the work queue should not be performance critical also zero the
msghdr struct.

Fixes: 35759383133f64d "(mptcp: sendmsg: reset iter on error)"
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index c84b405..1aad411 100644 (file)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -740,7 +740,8 @@ static int mptcp_sendmsg_frag(struct sock *sk, struct sock *ssk,
        ret = do_tcp_sendpages(ssk, page, offset, psize,
                               msg->msg_flags | MSG_SENDPAGE_NOTLAST | MSG_DONTWAIT);
        if (ret <= 0) {
-               iov_iter_revert(&msg->msg_iter, psize);
+               if (!retransmission)
+                       iov_iter_revert(&msg->msg_iter, psize);
                return ret;
        }
 
@@ -1392,7 +1393,9 @@ static void mptcp_worker(struct work_struct *work)
        struct mptcp_data_frag *dfrag;
        u64 orig_write_seq;
        size_t copied = 0;
-       struct msghdr msg;
+       struct msghdr msg = {
+               .msg_flags = MSG_DONTWAIT,
+       };
        long timeo = 0;
 
        lock_sock(sk);
@@ -1425,7 +1428,6 @@ static void mptcp_worker(struct work_struct *work)
 
        lock_sock(ssk);
 
-       msg.msg_flags = MSG_DONTWAIT;
        orig_len = dfrag->data_len;
        orig_offset = dfrag->offset;
        orig_write_seq = dfrag->data_seq;