Am Montag, 26. Januar 2015, 10:55:50 schrieb Herbert Xu: Hi Herbert, > On Wed, Jan 21, 2015 at 02:19:17AM +0100, Stephan Mueller wrote: > > + /* use the existing memory in an allocated page */ > > + if (ctx->merge) { > > + sg = sgl->sg + sgl->cur - 1; > > + len = min_t(unsigned long, len, > > + PAGE_SIZE - sg->offset - sg->length); > > + err = memcpy_from_msg(page_address(sg_page(sg)) + > > + sg->offset + sg->length, > > + msg, len); > > + if (err) > > + goto unlock; > > + > > + sg->length += len; > > + ctx->merge = (sg->offset + sg->length) & > > + (PAGE_SIZE - 1); > > + > > + ctx->used += len; > > + copied += len; > > + size -= len; > > Need to add a continue here to recheck size != 0. Why would that be needed? When size is still != 0 (i.e. the existing buffer is completely filled, we have still some remaining data), we fall through to the while loop that generates a new buffer. If we add a continue here, we start the next iteration in the outer while loop which again checks for the merging of data in an existing buffer. As this merging will never happen as we filled that buffer completely in the previous loop, we always will fall through to the inner while loop. Thus, not having the check for size != 0 is functional identical to having it (besides, it is more efficient to not having it). Note, this case is triggered in my tests, where I use sendmsg with first a small buffer, followed by a large buffer. And I still can send 65536 bytes to the kernel. -- Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html