Re: [PATCH] net: Fix a memmove bug in dev_gro_receive()

Is it a possible bug in dev_gro_receive()? · Xin Xiaohui <hidden> · 2010-07-30
Re: Is it a possible bug in dev_gro_receive()? · Jarek Poplawski <hidden> · 2010-08-02
Re: Is it a possible bug in dev_gro_receive()? · Herbert Xu <herbert@gondor.apana.org.au> · 2010-08-02
RE: Is it a possible bug in dev_gro_receive()? · Xin, Xiaohui <hidden> · 2010-08-03
Re: Is it a possible bug in dev_gro_receive()? · Jarek Poplawski <hidden> · 2010-08-03
RE: Is it a possible bug in dev_gro_receive()? · Xin, Xiaohui <hidden> · 2010-08-10
Re: Is it a possible bug in dev_gro_receive()? · Jarek Poplawski <hidden> · 2010-08-10
[PATCH] net: Fix a memmove bug in dev_gro_receive() · Jarek Poplawski <hidden> · 2010-08-11
Re: [PATCH] net: Fix a memmove bug in dev_gro_receive() · David Miller <davem@davemloft.net> · 2010-08-18

From: David Miller <davem@davemloft.net>
Date: 2010-08-18 00:37:38

From: Jarek Poplawski <redacted>
Date: Wed, 11 Aug 2010 12:02:10 +0000

quoted

Xin Xiaohui wrote:
I looked into the code dev_gro_receive(), found the code here:
if the frags[0] is pulled to 0, then the page will be released,
and memmove() frags left.
Is that right? I'm not sure if memmove do right or not, but
frags[0].size is never set after memove at least. what I think
a simple way is not to do anything if we found frags[0].size == 0.
The patch is as followed.

...

This version of the patch fixes the bug directly in memmove.

Reported-by: "Xin, Xiaohui" <redacted>
Signed-off-by: Jarek Poplawski <redacted>

Applied thanks a lot Jarek.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help