From: Eric Dumazet Date: Mon, 12 Aug 2013 04:54:48 +0000 (-0700) Subject: af_unix: fix bug on large send() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f3dfd20860db3d0c400dd83a378176a28d3662db;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git af_unix: fix bug on large send() commit e370a723632 ("af_unix: improve STREAM behavior with fragmented memory") added a bug on large send() because the skb_copy_datagram_from_iovec() call always start from the beginning of iovec. We must instead use the @sent variable to properly skip the already processed part. Reported-by: Hannes Frederic Sowa Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller --- diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index fee9e3397cd1..86de99ad2976 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -1669,7 +1669,8 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock, skb_put(skb, size - data_len); skb->data_len = data_len; skb->len = size; - err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, size); + err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, + sent, size); if (err) { kfree_skb(skb); goto out_err;