Am Montag, 26. Januar 2015, 10:55:50 schrieb Herbert Xu:
Hi Herbert,
> On Wed, Jan 21, 2015 at 02:19:17AM +0100, Stephan Mueller wrote:
> > + /* use the existing memory in an allocated page */
> > + if (ctx->merge) {
> > + sg = sgl->sg + sgl->cur - 1;
> > + len = min_t(unsigned long, len,
> > + PAGE_SIZE - sg->offset - sg->length);
> > + err = memcpy_from_msg(page_address(sg_page(sg)) +
> > + sg->offset + sg->length,
> > + msg, len);
> > + if (err)
> > + goto unlock;
> > +
> > + sg->length += len;
> > + ctx->merge = (sg->offset + sg->length) &
> > + (PAGE_SIZE - 1);
> > +
> > + ctx->used += len;
> > + copied += len;
> > + size -= len;
>
> Need to add a continue here to recheck size != 0.
Why would that be needed?
When size is still != 0 (i.e. the existing buffer is completely filled, we
have still some remaining data), we fall through to the while loop that
generates a new buffer.
If we add a continue here, we start the next iteration in the outer while loop
which again checks for the merging of data in an existing buffer. As this
merging will never happen as we filled that buffer completely in the previous
loop, we always will fall through to the inner while loop. Thus, not having
the check for size != 0 is functional identical to having it (besides, it is
more efficient to not having it).
Note, this case is triggered in my tests, where I use sendmsg with first a
small buffer, followed by a large buffer. And I still can send 65536 bytes to
the kernel.
--
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
