Message ID | 20100811120210.GA24019@ff.dom.local |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Jarek Poplawski <jarkao2@gmail.com> Date: Wed, 11 Aug 2010 12:02:10 +0000 >>Xin Xiaohui wrote: >> I looked into the code dev_gro_receive(), found the code here: >> if the frags[0] is pulled to 0, then the page will be released, >> and memmove() frags left. >> Is that right? I'm not sure if memmove do right or not, but >> frags[0].size is never set after memove at least. what I think >> a simple way is not to do anything if we found frags[0].size == 0. >> The patch is as followed. > ... > > This version of the patch fixes the bug directly in memmove. > > Reported-by: "Xin, Xiaohui" <xiaohui.xin@intel.com> > Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Applied thanks a lot Jarek. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/dev.c b/net/core/dev.c index 1ae6543..3721fbb 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3143,7 +3143,7 @@ pull: put_page(skb_shinfo(skb)->frags[0].page); memmove(skb_shinfo(skb)->frags, skb_shinfo(skb)->frags + 1, - --skb_shinfo(skb)->nr_frags); + --skb_shinfo(skb)->nr_frags * sizeof(skb_frag_t)); } }