[TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg().

As discovered by Evegniy Polyakov, if we try to sendmsg after
a connection reset, we can do incredibly stupid things.

The core issue is that inet_sendmsg() tries to autobind the
socket, but we should never do that for TCP.  Instead we should
just go straight into TCP's sendmsg() code which will do all
of the necessary state and pending socket error checks.

TCP's sendpage already directly vectors to tcp_sendpage(), so this
merely brings sendmsg() in line with that.

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/tcp.h b/include/net/tcp.h
index c209361ab74a7ff00fe62da4b7b4a6a2ed1cb5eb..185c7ecce4cc159e845c3e9afa62a7facc7b8bea 100644 (file)
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -281,7 +281,7 @@ extern int                  tcp_v4_remember_stamp(struct sock *sk);
 
 extern int                     tcp_v4_tw_remember_stamp(struct inet_timewait_sock *tw);
 
-extern int                     tcp_sendmsg(struct kiocb *iocb, struct sock *sk,
+extern int                     tcp_sendmsg(struct kiocb *iocb, struct socket *sock,
                                            struct msghdr *msg, size_t size);
 extern ssize_t                 tcp_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags);
 

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 06c08e5740fbcca5b0aa37dade5a90f88609ee42..e68103475cca2a76a349d270d1db72c62132b4c7 100644 (file)
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -831,7 +831,7 @@ const struct proto_ops inet_stream_ops = {
        .shutdown          = inet_shutdown,
        .setsockopt        = sock_common_setsockopt,
        .getsockopt        = sock_common_getsockopt,
-       .sendmsg           = inet_sendmsg,
+       .sendmsg           = tcp_sendmsg,
        .recvmsg           = sock_common_recvmsg,
        .mmap              = sock_no_mmap,
        .sendpage          = tcp_sendpage,

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index da4c0b6ab79ab5f25b5e9accddf592796c93c4ba..7e740112b2383c93b535a0657baf3f5b6fe75d48 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -658,9 +658,10 @@ static inline int select_size(struct sock *sk)
        return tmp;
 }
 
-int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+int tcp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
                size_t size)
 {
+       struct sock *sk = sock->sk;
        struct iovec *iov;
        struct tcp_sock *tp = tcp_sk(sk);
        struct sk_buff *skb;

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 3f5f7423b95ca818463938dbaad1c8bed8903bb3..9c94627c8c7e1888c3369f42fde366efbbe6d929 100644 (file)
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2425,7 +2425,6 @@ struct proto tcp_prot = {
        .shutdown               = tcp_shutdown,
        .setsockopt             = tcp_setsockopt,
        .getsockopt             = tcp_getsockopt,
-       .sendmsg                = tcp_sendmsg,
        .recvmsg                = tcp_recvmsg,
        .backlog_rcv            = tcp_v4_do_rcv,
        .hash                   = tcp_v4_hash,

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index eed09373a45d8cb9685ae28eebcaa761b5ef557e..b5f96372ad7344b3b815b85a5e29a0b08ac8ad13 100644 (file)
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -484,7 +484,7 @@ const struct proto_ops inet6_stream_ops = {
        .shutdown          = inet_shutdown,             /* ok           */
        .setsockopt        = sock_common_setsockopt,    /* ok           */
        .getsockopt        = sock_common_getsockopt,    /* ok           */
-       .sendmsg           = inet_sendmsg,              /* ok           */
+       .sendmsg           = tcp_sendmsg,               /* ok           */
        .recvmsg           = sock_common_recvmsg,       /* ok           */
        .mmap              = sock_no_mmap,
        .sendpage          = tcp_sendpage,

diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index f10f3689d6710274f90676c8dccc68d1fc1dc43d..cbdb78487915de967bcf99e91d104e145c98f9fb 100644 (file)
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -2115,7 +2115,6 @@ struct proto tcpv6_prot = {
        .shutdown               = tcp_shutdown,
        .setsockopt             = tcp_setsockopt,
        .getsockopt             = tcp_getsockopt,
-       .sendmsg                = tcp_sendmsg,
        .recvmsg                = tcp_recvmsg,
        .backlog_rcv            = tcp_v6_do_rcv,
        .hash                   = tcp_v6_hash,