From: Andriy Gapon
Date: Thu, 08 Jul 2010 10:51:21 +0300
To: freebsd-net@freebsd.org, Konstantin Belousov
Cc: Ming Fu, "Christian S.J. Peron"
Subject: Re: kern/123095 kern/131602 sendfile

Not an expert by any measure, but the following looks suspicious:
m_copy/m_copym calls mb_dupcl for the M_EXT case, and M_RDONLY is _not_ checked nor preserved in that case.
So we may get a writable M_EXT mbuf pointing to an sf_buf wrapping a page of a file.
But I am not sure if/how mbufs are re-used and if we can end up actually writing something to the resulting mbuf.

--
Andriy Gapon
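The flag-propagation concern raised in the message above, as an added user-space model; it is not part of the original message and is not FreeBSD kernel code. The `toy_*` names, the flag values and the writability rule (not read-only, and sole reference to the external storage) are assumptions of this model.

```c
#include <stdio.h>
#include <stddef.h>

/* Flag names come from the message; the values are constructed for this model. */
#define M_EXT    0x1   /* data lives in shared external storage */
#define M_RDONLY 0x2   /* external storage must not be written */

struct toy_ext  { int refcnt; };                  /* stands in for the file page */
struct toy_mbuf { int flags; struct toy_ext *ext; };
typedef void (*toy_dup_fn)(const struct toy_mbuf *, struct toy_mbuf *);

/* Behaviour the message describes: share the storage, set M_EXT only. */
static void toy_dup_unchecked(const struct toy_mbuf *m, struct toy_mbuf *n)
{
    n->ext = m->ext;
    n->ext->refcnt++;
    n->flags = M_EXT;
}

/* Variant that carries M_RDONLY over to the copy. */
static void toy_dup_preserving(const struct toy_mbuf *m, struct toy_mbuf *n)
{
    n->ext = m->ext;
    n->ext->refcnt++;
    n->flags = M_EXT | (m->flags & M_RDONLY);
}

/* Model assumption: writable means not read-only and, if external, unshared. */
static int toy_writable(const struct toy_mbuf *m)
{
    if (m->flags & M_RDONLY)
        return 0;
    return !(m->flags & M_EXT) || m->ext->refcnt == 1;
}

static void toy_free(struct toy_mbuf *m)
{
    m->ext->refcnt--;
    m->flags = 0;
    m->ext = NULL;
}

/* Bit 0: copy writable while shared. Bit 1: copy writable after original is freed. */
static int toy_scenario(toy_dup_fn dup)
{
    struct toy_ext page = { 1 };
    struct toy_mbuf orig = { M_EXT | M_RDONLY, &page }, copy = { 0, NULL };
    int r;

    dup(&orig, &copy);
    r = toy_writable(&copy);
    toy_free(&orig);
    return r | (toy_writable(&copy) << 1);
}

int main(void)
{
    printf("unchecked=%d preserving=%d\n",
        toy_scenario(toy_dup_unchecked), toy_scenario(toy_dup_preserving));
    return 0;
}
```

In this model the unchecked copy is protected only by the shared reference count, so it turns writable once the original is freed; the preserving copy stays read-only throughout.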