From: Marc Dionne Date: Thu, 12 Aug 2010 20:33:04 +0000 (-0400) Subject: Linux: avoid oops in memcpy_toiovec X-Git-Tag: openafs-devel-1_5_76~7 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=90b75531add729ecbcc46f2a6fb070993b96bcec;p=packages%2Fo%2Fopenafs.git Linux: avoid oops in memcpy_toiovec With ADAPT_PMTU enabled, kernel_recvmsg can be called to receive errors. The call is made with no iovec supplied (we pass a NULL pointer), but with a size of 256. In the kernel, the memcpy_toiovec function tests for size > 0, and proceeds to check iovec->iov_len, which causes an oops. Fix by setting the size to 0. Change-Id: I3c672c2e67d0aa5af2bd54d0c14aaeae3bb3c530 Reviewed-on: http://gerrit.openafs.org/2546 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- diff --git a/src/rx/LINUX/rx_knet.c b/src/rx/LINUX/rx_knet.c index 8d73999ca..590a06060 100644 --- a/src/rx/LINUX/rx_knet.c +++ b/src/rx/LINUX/rx_knet.c @@ -110,7 +110,7 @@ handle_socket_error(osi_socket so) msg.msg_controllen = 256; msg.msg_flags = 0; - code = kernel_recvmsg(sop, &msg, NULL, 0, 256, + code = kernel_recvmsg(sop, &msg, NULL, 0, 0, MSG_ERRQUEUE|MSG_DONTWAIT|MSG_TRUNC); if (code < 0 || !(msg.msg_flags & MSG_ERRQUEUE))