From patchwork Fri Dec  2 15:44:23 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Eric Dumazet <eric.dumazet@gmail.com>
X-Patchwork-Id: 128892
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id A07ACB6F69
	for <patchwork-incoming@ozlabs.org>;
	Sat,  3 Dec 2011 02:44:33 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756864Ab1LBPo3 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 2 Dec 2011 10:44:29 -0500
Received: from mail-vw0-f46.google.com ([209.85.212.46]:48392 "EHLO
	mail-vw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756785Ab1LBPo2 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 2 Dec 2011 10:44:28 -0500
Received: by vbbfc26 with SMTP id fc26so2379378vbb.19
	for <netdev@vger.kernel.org>; Fri, 02 Dec 2011 07:44:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=message-id:subject:from:to:cc:date:in-reply-to:references
	:content-type:x-mailer:content-transfer-encoding:mime-version;
	bh=b4QN6+JOUyrAdFGS0Kpno/8pjMuyUCXKmk7mlYOUSkk=;
	b=GFAapGC+AHEpODD4UV2xUml8eLNRzRwnLggqntL8PH9se4VgtVF2jDg9O+vBDy+ij4
	40FrLz52Cn9qjAUE8v7YxOYgL6veIqLA4JnLMhvOrf7JlZqecDMp0AmaUJHKbINidD3p
	NJUnHgGLyxnHNvbjV1rb1ae7RXSkRS+b4hAdQ=
Received: by 10.52.92.42 with SMTP id cj10mr10025498vdb.62.1322840667755;
	Fri, 02 Dec 2011 07:44:27 -0800 (PST)
Received: from [10.170.237.6] ([87.255.129.107])
	by mx.google.com with ESMTPS id
	eu4sm10199748vdc.8.2011.12.02.07.44.25
	(version=SSLv3 cipher=OTHER); Fri, 02 Dec 2011 07:44:26 -0800 (PST)
Message-ID: <1322840663.2762.26.camel@edumazet-laptop>
Subject: Re: Bug in computing data_len in tcp_sendmsg?
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Vijay Subramanian <subramanian.vijay@gmail.com>
Cc: Tom Herbert <therbert@google.com>,
	Linux Netdev List <netdev@vger.kernel.org>,
	David Miller <davem@davemloft.net>
Date: Fri, 02 Dec 2011 16:44:23 +0100
In-Reply-To: <1322827188.2607.19.camel@edumazet-laptop>
References: 
 <CA+mtBx8+sajFaCWqHRr+pY5EAHwN8G61v6cr-HydYhbbdxAgHQ@mail.gmail.com>
	<1322710962.2577.3.camel@edumazet-laptop>
	<CA+mtBx_CUsuGunKONwBNA8qyVni16+RtrRL8w=THYY0mEDcvaA@mail.gmail.com>
	<1322713032.2577.7.camel@edumazet-laptop>
	<CAGK4HS8fLWwdPsrag6+Mz93_ZNg2B5JRjx2s=Re8_Qiv4V=T=w@mail.gmail.com>
	<1322778621.2750.48.camel@edumazet-laptop>
	<CAGK4HS84vepB-cOnjOASqXy2gLWGwx=RHnQ3PbbMPezxJ5m3QQ@mail.gmail.com>
	<1322827188.2607.19.camel@edumazet-laptop>
X-Mailer: Evolution 3.2.1- 
Mime-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Le vendredi 02 décembre 2011 à 12:59 +0100, Eric Dumazet a écrit :

> Thanks for this detailed explanation !
> 
> And yes, you're probably right.
> 
> Are you willing to submit a patch to fix this ?
> 
> (If not, I can do it myself of course)
> 

[PATCH net-next] tcp: fix tcp_trim_head()

commit f07d960df3 (tcp: avoid frag allocation for small frames)
breaked assumption in tcp stack that skb is either linear (data_len ==
0), either fully fragged (data_len == len)

Thanks to Vijay for providing a very detailed explanation.

Reported-by: Vijay Subramanian <subramanian.vijay@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
 net/ipv4/tcp_output.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)



--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 58f69ac..4a0f54a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1093,6 +1093,13 @@ static void __pskb_trim_head(struct sk_buff *skb, int len)
 {
 	int i, k, eat;
 
+	eat = min_t(int, len, skb_headlen(skb));
+	if (eat) {
+		__skb_pull(skb, eat);
+		len -= eat;
+		if (!len)
+			return;
+	}
 	eat = len;
 	k = 0;
 	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
@@ -1124,11 +1131,7 @@ int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
 	if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 		return -ENOMEM;
 
-	/* If len == headlen, we avoid __skb_pull to preserve alignment. */
-	if (unlikely(len < skb_headlen(skb)))
-		__skb_pull(skb, len);
-	else
-		__pskb_trim_head(skb, len - skb_headlen(skb));
+	__pskb_trim_head(skb, len);
 
 	TCP_SKB_CB(skb)->seq += len;
 	skb->ip_summed = CHECKSUM_PARTIAL;