From: Eric Dumazet <edumazet@google.com>
Date: Mon, 12 Aug 2013 04:54:48 +0000 (-0700)
Subject: af_unix: fix bug on large send()
X-Git-Tag: v3.12-rc1~132^2~304
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f3dfd20860db3d0c400dd83a378176a28d3662db;p=profile%2Fivi%2Fkernel-x86-ivi.git

af_unix: fix bug on large send()

commit e370a723632 ("af_unix: improve STREAM behavior with fragmented
memory") added a bug on large send() because the
skb_copy_datagram_from_iovec() call always start from the beginning
of iovec.

We must instead use the @sent variable to properly skip the
already processed part.

Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index fee9e33..86de99a 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1669,7 +1669,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
 		skb_put(skb, size - data_len);
 		skb->data_len = data_len;
 		skb->len = size;
-		err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, size);
+		err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov,
+						   sent, size);
 		if (err) {
 			kfree_skb(skb);
 			goto out_err;