Hi Samuel, I had some questions about the patch e65b0f46edfd: "NFC: Fragment LLCP I frames" from Mar 5, 2012. net/nfc/llcp/commands.c + while (remaining_len > 0) { + + frag_len = min_t(u16, local->remote_miu, remaining_len); ^^^ This should be a cast to size_t. Otherwise for a large value of remaining_len we'd loop until we hit an allocation failure with pdu = llcp_allocate_pdu(); - sk = &sock->sk; - lock_sock(sk); + pr_debug("Fragment %zd bytes remaining %zd", + frag_len, remaining_len); - nfc_llcp_queue_i_frames(sock); + pdu = llcp_allocate_pdu(sock, LLCP_PDU_I, + frag_len + LLCP_SEQUENCE_SIZE); + if (pdu == NULL) + return -ENOMEM; + + skb_put(pdu, LLCP_SEQUENCE_SIZE); + + memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); + + skb_queue_head(&sock->tx_queue, pdu); + + lock_sock(sk); + + nfc_llcp_queue_i_frames(sock); + + release_sock(sk); + + remaining_len -= frag_len; + msg_ptr += len; Shouldn't this be msg_ptr += frag_len? + } regards, dan carpenter
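Review bot: in the while loop each fragment is added with skb_queue_head(&sock->tx_queue, pdu), so if nfc_llcp_queue_i_frames() leaves any fragment on tx_queue, the next fragment is placed in front of it and the I frames go out in reverse order; skb_queue_tail() would keep them in message order. The return -ENOMEM inside the loop also happens after earlier fragments have already been queued, so the caller cannot tell how much of the message was accepted; returning the number of bytes already queued when that count is non-zero would make the partial send visible.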