From: Eric Dumazet <edumazet@google.com>
Date: Wed, 2 Dec 2020 17:16:57 +0000 (-0800)
Subject: mptcp: avoid potential infinite loop in mptcp_recvmsg()
X-Git-Tag: v5.15~2222^2~133
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=05e3ecea4a6305597a060da0a123c80df8827bf1;p=platform%2Fkernel%2Flinux-starfive.git

mptcp: avoid potential infinite loop in mptcp_recvmsg()

If a packet is ready in receive queue, and application isssues
a recvmsg()/recvfrom()/recvmmsg() request asking for zero bytes,
we hang in mptcp_recvmsg().

Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Link: https://lore.kernel.org/r/20201202171657.1185108-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 221f7cd..57213ff 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1921,7 +1921,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
 	len = min_t(size_t, len, INT_MAX);
 	target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
 
-	for (;;) {
+	while (copied < len) {
 		int bytes_read, old_space;
 
 		bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied);