Re: [PATCH] tcp_sendpage(): fix broken page iteration

[David Miller]

From: Dan Aloni <da-x@xxxxxxxxxxxxx>
Date: Sun, 18 Mar 2007 14:43:46 +0200

> do_tcp_sendpages() should not iterate 'pages' as an array since 
> it is not an array of 'struct page *', but a pointer to a single 
> entity of 'struct page *' passed on the stack as a parameter to 
> tcp_send_page() (hence it would crash if poffset + psize > PAGE_SIZE,
> because pages[1] and beyond most probably not constitutes a valid 
> 'struct page *').

do_tcp_sendpages() should never get passed poffset+psize>PAGE_SIZE,
that would be a bug.

Feel free to add a BUG() check for that if you wish, and a fix for any
caller which violates this.

The code is perfectly fine as-is.  It was originally written to accept
page arrays, but once it was decided that ->sendpage() would only pass
in one page, we simply modified to caller of do_tcp_sendpages() to
accomodate this argument passing change, instead of changing
do_tcp_sendpages() which is totally unnecessary.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/