commit f3dfd20860db3d0c400dd83a378176a28d3662db
author Eric Dumazet <edumazet@google.com> Sun Aug 11 21:54:48 2013 -0700
committer David S. Miller <davem@davemloft.net> Sun Aug 11 22:02:36 2013 -0700
tree b7a261523d1225efcbdbcb254953492807eceeff
parent 6c821bd9edc9563b34c7920b4a99fe64992de530

af_unix: fix bug on large send()

commit e370a723632 ("af_unix: improve STREAM behavior with fragmented
memory") added a bug on large send() because the
skb_copy_datagram_from_iovec() call always start from the beginning
of iovec.

We must instead use the @sent variable to properly skip the
already processed part.

Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/unix/af_unix.c

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index fee9e33..86de99a 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1669,7 +1669,8 @@
 		skb_put(skb, size - data_len);
 		skb->data_len = data_len;
 		skb->len = size;
-		err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov, 0, size);
+		err = skb_copy_datagram_from_iovec(skb, 0, msg->msg_iov,
+						   sent, size);
 		if (err) {
 			kfree_skb(skb);
 			goto out_err;