[patch] bug prematurely setting nr_frags

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Benjamin LaHaise <bcrl@redhat.com>
To: davem@redhat.com, netdev@oss.sgi.com
Subject: [patch] bug prematurely setting nr_frags
Date: Fri, 9 Aug 2002 16:14:39 -0400	[thread overview]
Message-ID: <20020809161439.E10640@redhat.com> (raw)

Hello Dave et al,

The patch below fixes a case where nr_frags will be incorrectly set when an 
allocation fails in sock_alloc_send_pskb.  This bug was found while trying 
to track down a problem that shows up as an oops attempting to free a page 
that comes from an uninitialized fragment entry in an skb, and this problem 
looks like a possible causes.  Thanks goes to Stephen Tweedie for digging 
through the crash dump to find several key bits of data.

		-ben
-- 
"You will be reincarnated as a toad; and you will be much happier."

:r ~/patches/v2.4/v2.4.20-pre1-nr_frags.diff
diff -urN v2.4.20-pre1/net/core/sock.c net-2.4.20-pre1/net/core/sock.c
--- v2.4.20-pre1/net/core/sock.c	Fri Aug  9 13:50:46 2002
+++ net-2.4.20-pre1/net/core/sock.c	Fri Aug  9 15:46:46 2002
@@ -785,7 +785,6 @@

 				npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT;
 				skb->truesize += data_len;
-				skb_shinfo(skb)->nr_frags = npages;
 				for (i = 0; i < npages; i++) {
 					struct page *page;
 					skb_frag_t *frag;
@@ -804,6 +803,9 @@
 						      PAGE_SIZE :
 						      data_len);
 					data_len -= PAGE_SIZE;
+
+					/* frag[i] is now initialized */
+					skb_shinfo(skb)->nr_frags = i + 1;
 				}

 				/* Full success... */

next             reply	other threads:[~2002-08-09 20:14 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-08-09 20:14 Benjamin LaHaise [this message]
2002-08-11 21:07 ` [patch] bug prematurely setting nr_frags kuznet
2002-08-12 23:07   ` Benjamin LaHaise
2002-08-13  4:06     ` kuznet
2002-08-13 18:31       ` Benjamin LaHaise
2002-08-13 22:27         ` kuznet

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020809161439.E10640@redhat.com \
    --to=bcrl@redhat.com \
    --cc=davem@redhat.com \
    --cc=netdev@oss.sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.