From 05e3ecea4a6305597a060da0a123c80df8827bf1 Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Wed, 2 Dec 2020 09:16:57 -0800 Subject: mptcp: avoid potential infinite loop in mptcp_recvmsg() If a packet is ready in receive queue, and application isssues a recvmsg()/recvfrom()/recvmmsg() request asking for zero bytes, we hang in mptcp_recvmsg(). Fixes: ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling") Signed-off-by: Eric Dumazet Tested-by: Paolo Abeni Reviewed-by: Mat Martineau Link: https://lore.kernel.org/r/20201202171657.1185108-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski --- net/mptcp/protocol.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net') diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c index 221f7cdd416b..57213ff60f78 100644 --- a/net/mptcp/protocol.c +++ b/net/mptcp/protocol.c @@ -1921,7 +1921,7 @@ static int mptcp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, len = min_t(size_t, len, INT_MAX); target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); - for (;;) { + while (copied < len) { int bytes_read, old_space; bytes_read = __mptcp_recvmsg_mskq(msk, msg, len - copied); -- cgit v1.2.3