
tcp.c::wait_for_tcp_memory() buggy ?

To: davem@xxxxxxxxxx
Subject: tcp.c::wait_for_tcp_memory() buggy ?
From: Rik van Riel <riel@xxxxxxxxxxxxxxxx>
Date: Sun, 29 Oct 2000 01:28:38 -0200 (BRDT)
Cc: linux-kernel@xxxxxxxxxxxxxxx, netdev <netdev@xxxxxxxxxxx>
Sender: owner-netdev@xxxxxxxxxxx

Hi Davem,

I can't quite put my finger on what wait_for_tcp_memory() is
supposed to do, but the code looks EXTREMELY suspect and I've
had a report of somebody looping in the for(;;) loop in that
function without ever exiting and getting his TCP connection
stuck there...

Also, the locking inside the loop seems fragile, to say the
least.

from tcp.c:

  865         if (tcp_memory_free(sk) && !vm_wait)
  866                 break;

  880         release_sock(sk);
  881         if (!tcp_memory_free(sk) || vm_wait)
  882                 current_timeo = schedule_timeout(current_timeo);
  883         lock_sock(sk);

Here we hold the lock for the entire loop (meaning that
other people cannot make the exit condition on line 865
come true).

Except for doing a test on tcp_memory_free(sk), where we
do NOT hold the lock we're so dutifully clinging to during
the rest of the loop...

As I said, I can't put my finger down on what exactly is
wrong, but this code looks subtle enough that, together
with the bug report I got (on IRC), I have the feeling that
it just _can't_ be right ...

regards, 

Rik
--
"What you're running that piece of shit Gnome?!?!"
       -- Miguel de Icaza, UKUUG 2000

http://www.conectiva.com/               http://www.surriel.com/

