From 90b75531add729ecbcc46f2a6fb070993b96bcec Mon Sep 17 00:00:00 2001
From: Marc Dionne <marc.c.dionne@gmail.com>
Date: Thu, 12 Aug 2010 16:33:04 -0400
Subject: [PATCH] Linux: avoid oops in memcpy_toiovec

With ADAPT_PMTU enabled, kernel_recvmsg can be called to receive
errors.  The call is made with no iovec supplied (we pass a NULL
pointer), but with a size of 256.  In the kernel, the memcpy_toiovec
function tests for size > 0, and proceeds to check iovec->iov_len,
which causes an oops.  Fix by setting the size to 0.

Change-Id: I3c672c2e67d0aa5af2bd54d0c14aaeae3bb3c530
Reviewed-on: http://gerrit.openafs.org/2546
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
---
 src/rx/LINUX/rx_knet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rx/LINUX/rx_knet.c b/src/rx/LINUX/rx_knet.c
index 8d73999ca8..590a060604 100644
--- a/src/rx/LINUX/rx_knet.c
+++ b/src/rx/LINUX/rx_knet.c
@@ -110,7 +110,7 @@ handle_socket_error(osi_socket so)
     msg.msg_controllen = 256;
     msg.msg_flags = 0;
 
-    code = kernel_recvmsg(sop, &msg, NULL, 0, 256,
+    code = kernel_recvmsg(sop, &msg, NULL, 0, 0,
 			  MSG_ERRQUEUE|MSG_DONTWAIT|MSG_TRUNC);
 
     if (code < 0 || !(msg.msg_flags & MSG_ERRQUEUE))