From owner-freebsd-bugs Thu Jan 10 12: 0:26 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8424637B41C for ; Thu, 10 Jan 2002 12:00:10 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0AK0Ah12826; Thu, 10 Jan 2002 12:00:10 -0800 (PST) (envelope-from gnats) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 11DFB37B41F for ; Thu, 10 Jan 2002 11:52:53 -0800 (PST) Received: (from nobody@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g0AJqrO12027; Thu, 10 Jan 2002 11:52:53 -0800 (PST) (envelope-from nobody) Message-Id: <200201101952.g0AJqrO12027@freefall.freebsd.org> Date: Thu, 10 Jan 2002 11:52:53 -0800 (PST) From: Vladislav Shabanov To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: kern/33771: bug in sendfile implementation if nbytes != 0 and struct sf_hdtr *hdtr->headers != NULL Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 33771 >Category: kern >Synopsis: bug in sendfile implementation if nbytes != 0 and struct sf_hdtr *hdtr->headers != NULL >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jan 10 12:00:10 PST 2002 >Closed-Date: >Last-Modified: >Originator: Vladislav Shabanov >Release: RELENG_4 >Organization: Rambler >Environment: FreeBSD index2.park.rambler.ru 4.4-RC FreeBSD 4.4-RC #2: Mon Oct 1 14:27:56 MSD 2001 root@index2.park.rambler.ru:/usr/src/sys/compile/INDEX2 i386 >Description: sendfile does the following: if (uap->hdtr != NULL) { .... if (hdtr.headers != NULL) { ... error = writev(p, &nuap); sbytes += p->p_retval[0]; } } if we have headers, sbytes > 0 next, in the main loop we do the following: ... if (uap->nbytes && xfsize > (uap->nbytes - sbytes)) xfsize = uap->nbytes - sbytes; in this code we think that sbytes accumulates only file`s contents. Therefore, the last NNN bytes of file will be forgotten. (NNN = p->p_retval[0] fron writev) >How-To-Repeat: . >Fix: use separate counter for the header size: off_t off, xfsize, sbytes = 0, sbytes1 = 0; .... if (hdtr.headers != NULL) { nuap.fd = uap->s; nuap.iovp = hdtr.headers; nuap.iovcnt = hdtr.hdr_cnt; error = writev(p, &nuap); if (error) goto done; sbytes1 = p->p_retval[0]; } .... done: if (uap->sbytes != NULL) { sbytes += sbytes1; copyout(&sbytes, uap->sbytes, sizeof(off_t)); } >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message