On Tue, 12 Aug 2014 23:24:32 -0400, Nicholas Krause said:
> This patch checks if we are getting a Null allocated skb in the while/do
> loop of this function.
> skb = dev_alloc_skb(frag_length + 4);
> + if (skb == NULL) {
> + rt_status = false;
> + break;
> + }
Nick, it's *STILL* wrong. And although I admit I blew it on the refcount
issue, that doesn't change the fact that you're still leaking memory here.
Work this through. Hand simulate it. Pretend that 3 fragments are
needed, and that the first two succeed but the third one fails.
Who frees the first two fragments before you return?
For bonus points - explain under what conditions this bug can *possibly*
be triggered on an actual system. Consider in your reply both (a) when this
code is called and (b) what the system state *should* be at that point, and
what it has to be for this bug to trigger. Given your answer to (a) and (b),
extrapolate to what the next few hundredths of a second likely hold for
this system even after we've fixed the bug you're mis-fixing here.
Once you've done that, you'll hopefully understand why you're trying to fix
a bug from 2009.
Attachment:
pgpcatW4I1HIy.pgp
Description: PGP signature
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
