From: Herbert Xu <[EMAIL PROTECTED]> Date: Tue, 18 Apr 2006 22:32:04 +1000
> You're absolutely right about there being a problem with the TSO packet > trimming code. The cause of this lies in the tcp_fragment() function. > > When we allocate a fragment for a completely non-linear packet the > truesize is calculated for a payload length of zero. This means that > truesize could in fact be less than the real payload length. > > When that happens the TSO packet trimming can cause truesize to become > negative. This in turn can cause sk_forward_alloc to be -n * PAGE_SIZE > which would trigger the warning. > > I've copied the code you used in tso_fragment which should work here. > > Signed-off-by: Herbert Xu <[EMAIL PROTECTED]> Thanks for discovering this, very nice work Herbert. So what we find out time and time again, is that the TSO splitting and trimming code enforces that the skb->truesize of every TCP packet must be accurate at all times. I think it is deserving of some run time assertions, else these bugs will elude us continually. Luckily there are only a few places that would need the run time assertion checks on skb->truesize, and I'll try to spend a few cycles on implementing this soon. Patch applied, thanks a lot! - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
