login
Search
On Fri, Jan 09, 2009 at 09:51:17PM +0100, Eric Dumazet wrote:
(...)
huh, not nice indeed!
While looking at the code to see how this could be possible, I
came across this minor thing (unrelated IMHO) :
if (__skb_splice_bits(skb, &offset, &tlen, &spd))
goto done;
/*
* now see if we have a frag_list to map
*/
if (skb_shinfo(skb)->frag_list) {
struct sk_buff *list = skb_shinfo(skb)->frag_list;
for (; list && tlen; list = list->next) {
if (__skb_splice_bits(list, &offset, &tlen, &spd))
break;
}
}
done:
Above on the enlighted line, we'd better remove the else and leave a plain
"if (!tlen)". Otherwise, when the first call to __skb_splice_bits() zeroes
tlen, we still enter the if and evaluate the for condition for nothing. But
let's leave that for later.
> I suspect a bug in splice code, that my patch just exposed.
I've checked in skb_splice_bits() and below and can't see how we can move
more than the requested len.
However, with your change, I don't clearly see how we break out of
the loop in tcp_read_sock(). Maybe we first read 1000 then loop again
and read remaining data ? I suspect that we should at least exit when
((struct tcp_splice_state *)desc->arg.data)->len = 0.
At least that's something easy to add just before or after !desc->count
for a test.
Regards,
Willy
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
| david | Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3 |
| Eric Sandeen | Re: [RFC] Heads up on sys_fallocate() |
| Filippos Papadopoulos | Re: INITIO scsi driver fails to work properly |
| Greg KH | [GIT PATCH] driver core patches against 2.6.24 |
git: | |
| Gerrit Renker | [PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side) |
| David Miller | [GIT]: Networking |
| Jarek Poplawski | [PATCH take 2] pkt_sched: Protect gen estimators under est_lock. |
| Natalie Protasevich | [BUG] New Kernel Bugs |
