From 07dbf2c768506b6c664de62a9ca57bbeda41ee11 Mon Sep 17 00:00:00 2001 From: Scott Long Date: Thu, 28 Mar 2013 14:14:28 +0000 Subject: [PATCH] Several fixes and improvements to sendfile() 1. If we wanted to send exactly as many bytes as the socket buffer is sized for, the inner loop of kern_sendfile() would see that the socket is full before seeing that it had no more bytes left to send. This would cause it to return EAGAIN to the caller instead of success. Fix by changing the order that these conditions are tested. 2. Simplify the calculation for the bytes to send in each iteration of the inner loop of kern_sendfile() 3. Fix some calls with bogus arguments to sf_buf_ext(). These would only trigger on mbuf allocation failure, but would be hilariously bad if they did trigger. Submitted by: gibbs(3), andre(2) Reviewed by: emax, andre Obtained from: Netflix MFC after: 1 week --- sys/kern/uipc_syscalls.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 42a1ff1763c6..3ee48c8168ba 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -2115,7 +2115,7 @@ retry_space: * Loop and construct maximum sized mbuf chain to be bulk * dumped into socket buffer. */ - while (space > loopbytes) { + while (1) { vm_pindex_t pindex; vm_offset_t pgoff; struct mbuf *m0; @@ -2127,15 +2127,12 @@ retry_space: * or the passed in nbytes. */ pgoff = (vm_offset_t)(off & PAGE_MASK); - xfsize = omin(PAGE_SIZE - pgoff, - obj->un_pager.vnp.vnp_size - uap->offset - - fsbytes - loopbytes); if (uap->nbytes) rem = (uap->nbytes - fsbytes - loopbytes); else rem = obj->un_pager.vnp.vnp_size - uap->offset - fsbytes - loopbytes; - xfsize = omin(rem, xfsize); + xfsize = omin(PAGE_SIZE - pgoff, rem); xfsize = omin(space - loopbytes, xfsize); if (xfsize <= 0) { VM_OBJECT_WUNLOCK(obj); @@ -2143,6 +2140,16 @@ retry_space: break; } + /* + * We've already overfilled the socket. + * Let the outer loop figure out how to handle it. + */ + if (space <= loopbytes) { + VM_OBJECT_WUNLOCK(obj); + done = 0; + break; + } + /* * Attempt to look up the page. Allocate * if not found or wait and loop if busy. @@ -2249,14 +2256,14 @@ retry_space: m0 = m_get((mnw ? M_NOWAIT : M_WAITOK), MT_DATA); if (m0 == NULL) { error = (mnw ? EAGAIN : ENOBUFS); - sf_buf_mext((void *)sf_buf_kva(sf), sf); + sf_buf_mext(NULL, sf); break; } if (m_extadd(m0, (caddr_t )sf_buf_kva(sf), PAGE_SIZE, sf_buf_mext, sfs, sf, M_RDONLY, EXT_SFBUF, (mnw ? M_NOWAIT : M_WAITOK)) != 0) { error = (mnw ? EAGAIN : ENOBUFS); - sf_buf_mext((void *)sf_buf_kva(sf), sf); + sf_buf_mext(NULL, sf); m_freem(m0); break; }