af_unix: fix bug on large send()
authorEric Dumazet <edumazet@google.com>
Mon, 12 Aug 2013 04:54:48 +0000 (21:54 -0700)
committerDavid S. Miller <davem@davemloft.net>
Mon, 12 Aug 2013 05:02:36 +0000 (22:02 -0700)
commit e370a723632 ("af_unix: improve STREAM behavior with fragmented
memory") added a bug on large send() because the
skb_copy_datagram_from_iovec() call always start from the beginning
of iovec.

We must instead use the @sent variable to properly skip the
already processed part.

Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/unix/af_unix.c

index fee9e33..86de99a 100644 (file)
@@ -1669,7 +1669,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
                skb_put(skb, size - data_len);
                skb->data_len = data_len;
                skb->len = size;
-               err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, size);
+               err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov,
+                                                  sent, size);
                if (err) {
                        kfree_skb(skb);
                        goto out_err;