On Tue, Aug 12, 2014 at 10:35 PM, <Valdis.Kletnieks@xxxxxx> wrote:
On Tue, 12 Aug 2014 23:24:32 -0400, Nicholas Krause said:
> This patch checks if we are getting a Null allocated skb in the while/do
> loop of this function.
> skb = dev_alloc_skb(frag_length + 4);
> + if (skb == NULL) {
> + rt_status = false;
> + break;
> + }
Nick, it's *STILL* wrong. And although I admit I blew it on the refcount
issue, that doesn't change the fact that you're still leaking memory here.
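Review bot: the `break` in the new `if (skb == NULL)` branch leaves the loop with no cleanup, so any skb that an earlier iteration obtained from `dev_alloc_skb(frag_length + 4)` is still outstanding when `rt_status = false` is returned. If this function still owns those buffers at that point, release them on the failure path (for example with `dev_kfree_skb()`) before breaking out, or state in the commit message who takes ownership of them. The branch also fails silently; a log line naming the failed allocation and `frag_length` would make the condition visible to whoever has to debug it.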
Work this through. Hand simulate it. Pretend that 3 fragments are
needed, and that the first two succeed but the third one fails.
Who frees the first two fragments before you return?
For bonus points - explain under what conditions this bug can *possibly*
be triggered on an actual system. Consider in your reply both (a) when this
code is called and (b) what the system state *should* be at that point, and
what it has to be for this bug to trigger. Given your answer to (a) and (b),
extrapolate to what the next few hundredths of a second likely hold for
this system even after we've fixed the bug you're mis-fixing here.
Once you've done that, you'll hopefully understand why you're trying to fix
a bug from 2009.
And it may also be a good idea to post the logs regarding how you tested your patch and verified that the fix works as expected. As you are asking someone else to send the patch on behalf of you, anyone who volunteers would like to verify that the patch is indeed tested properly before forwarding.
Thanks -
Manish
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies