From nobody@FreeBSD.org  Thu Jan 10 11:52:56 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 11DFB37B41F
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 Jan 2002 11:52:53 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g0AJqrO12027;
	Thu, 10 Jan 2002 11:52:53 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200201101952.g0AJqrO12027@freefall.freebsd.org>
Date: Thu, 10 Jan 2002 11:52:53 -0800 (PST)
From: Vladislav Shabanov <vs@rambler-co.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: bug in sendfile implementation if nbytes != 0 and struct sf_hdtr *hdtr->headers != NULL
X-Send-Pr-Version: www-1.0

>Number:         33771
>Category:       kern
>Synopsis:       bug in sendfile implementation if nbytes != 0 and struct sf_hdtr *hdtr->headers != NULL
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    dg
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 10 12:00:10 PST 2002
>Closed-Date:    Thu Dec 19 05:43:03 PST 2002
>Last-Modified:  Thu Dec 19 05:43:03 PST 2002
>Originator:     Vladislav Shabanov
>Release:        RELENG_4
>Organization:
Rambler
>Environment:
FreeBSD index2.park.rambler.ru 4.4-RC FreeBSD 4.4-RC #2: Mon Oct  1 14:27:56 MSD
 2001     root@index2.park.rambler.ru:/usr/src/sys/compile/INDEX2  i386      
      
>Description:
sendfile does the following:

if (uap->hdtr != NULL) {
    ....
  if (hdtr.headers != NULL) {
     ...
     error = writev(p, &nuap);
     sbytes += p->p_retval[0];
    }
 }

if we have headers, sbytes > 0

next, in the main loop we do the following:

...
  if (uap->nbytes && xfsize > (uap->nbytes - sbytes))
     xfsize = uap->nbytes - sbytes;

in this code we think that sbytes accumulates only
file's contents. Therefore, the last NNN bytes of 
file will be forgotten. (NNN = p->p_retval[0] from writev)

>How-To-Repeat:
.      
>Fix:
Use a separate counter for the header size:

off_t off, xfsize, sbytes = 0, sbytes1 = 0;

....

		if (hdtr.headers != NULL) {
			nuap.fd = uap->s;
			nuap.iovp = hdtr.headers;
			nuap.iovcnt = hdtr.hdr_cnt;
			error = writev(p, &nuap);
			if (error)
				goto done;
			sbytes1 = p->p_retval[0];
		}

....

done:
	if (uap->sbytes != NULL) {
		sbytes += sbytes1;
		copyout(&sbytes, uap->sbytes, sizeof(off_t));
	}


>Release-Note:
>Audit-Trail:

From: Maxim Konovalov <maxim@macomnet.ru>
To: Vladislav Shabanov <vs@rambler-co.ru>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/33771: bug in sendfile implementation if nbytes != 0 and
 struct sf_hdtr *hdtr->headers != NULL
Date: Tue, 22 Jan 2002 18:59:32 +0300 (MSK)

 Here is a patch:
 
 Index: uipc_syscalls.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/kern/uipc_syscalls.c,v
 retrieving revision 1.65.2.9
 diff -u -r1.65.2.9 uipc_syscalls.c
 --- uipc_syscalls.c	2001/07/31 10:49:39	1.65.2.9
 +++ uipc_syscalls.c	2002/01/22 15:01:42
 @@ -1532,10 +1532,11 @@
  	struct vm_page *pg;
  	struct writev_args nuap;
  	struct sf_hdtr hdtr;
 -	off_t off, xfsize, sbytes = 0;
 +	off_t off, xfsize, hdtr_size, sbytes = 0;
  	int error = 0, s;
 
  	vp = NULL;
 +	hdtr_size = 0;
  	/*
  	 * Do argument checking. Must be a regular file in, stream
  	 * type and connected socket out, positive offset.
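
Review bot: `hdtr_size` is declared without an initialiser beside `sbytes = 0` and then zeroed in a separate statement after `vp = NULL;`. Initialise both counters the same way, and add a short comment at the declaration saying that `hdtr_size` holds the bytes written by the header and trailer `writev` calls while `sbytes` holds file data only, since the two are combined only at `done:`.
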
 @@ -1591,7 +1592,7 @@
  			error = writev(p, &nuap);
  			if (error)
  				goto done;
 -			sbytes += p->p_retval[0];
 +			hdtr_size += p->p_retval[0];
  		}
  	}
 
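
Review bot: at `hdtr_size += p->p_retval[0];`, taking the header count out of `sbytes` changes what `nbytes` bounds. The `uap->nbytes - sbytes` comparison quoted in the report now limits file data alone, with the header bytes sent on top of it. State that meaning of `nbytes` in a comment here and in the sendfile documentation, so callers do not add the header length to `nbytes`.
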
 @@ -1831,11 +1832,12 @@
  			error = writev(p, &nuap);
  			if (error)
  				goto done;
 -			sbytes += p->p_retval[0];
 +			hdtr_size += p->p_retval[0];
  	}
 
  done:
  	if (uap->sbytes != NULL) {
 +		sbytes += hdtr_size;
  		copyout(&sbytes, uap->sbytes, sizeof(off_t));
  	}
  	if (vp)
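
Review bot: in the `done:` block, `sbytes += hdtr_size;` modifies `sbytes` in place and only inside `if (uap->sbytes != NULL)`, so from here on the variable no longer means "file bytes only", and it is never totalled when the caller passed no pointer. That is harmless only if nothing after this block reads `sbytes`; a local total or a one-line comment would keep the file-only invariant obvious. The `copyout()` result on the next line is also discarded; consider propagating it when `error` is still 0.
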
 
 -- 
 Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
 phone: +7 (095) 796-9079, mailto: maxim@macomnet.ru
 
Responsible-Changed-From-To: freebsd-bugs->dg 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Tue Jan 29 04:58:32 PST 2002 
Responsible-Changed-Why:  
David, this looks closely related to the work you're discussing 
with Alfred in connection with sendfile(). 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=33771 
State-Changed-From-To: open->closed 
State-Changed-By: maxim 
State-Changed-When: Thu Dec 19 05:40:22 PST 2002 
State-Changed-Why:  
alfred fixed this bug in rev. 1.103 and rev. 1.65.2.10 
src/sys/kern/uipc_syscalls.c in -CURRENT and -STABLE six months ago. 

>Unformatted:
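The truncation described in the report can be reproduced with a small user-space model of the byte accounting. This is an added example, not code from the PR or from the FreeBSD source. The names `model_sendfile` and `CHUNK`, the 4096-byte chunk size and the sample sizes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>

#define CHUNK 4096	/* per-iteration transfer size assumed by this model */

/*
 * User-space model of the byte accounting described in the report (not
 * kernel code).  Returns the FILE bytes sent for a request of nbytes
 * (0 = to end of file) after hdr_len header bytes were written.
 * shared != 0: header length is added to sbytes (reported behaviour).
 * shared == 0: header length kept in its own counter (proposed fix).
 * *reported receives the total that would be copied out to the caller.
 */
static off_t
model_sendfile(off_t fsize, off_t nbytes, off_t hdr_len, int shared,
    off_t *reported)
{
	off_t off = 0, xfsize, sbytes = 0, hdtr_size = 0, sent = 0;
	if (shared)
		sbytes += hdr_len;
	else
		hdtr_size = hdr_len;
	for (;;) {
		xfsize = fsize - off;
		if (xfsize > CHUNK)
			xfsize = CHUNK;
		/* The clamp quoted in the report. */
		if (nbytes && xfsize > (nbytes - sbytes))
			xfsize = nbytes - sbytes;
		if (xfsize <= 0)
			break;
		off += xfsize;
		sbytes += xfsize;
		sent += xfsize;
	}
	*reported = sbytes + hdtr_size;
	return (sent);
}

int
main(void)
{
	off_t rep, sent;
	sent = model_sendfile(10000, 10000, 300, 1, &rep);
	printf("shared:   file=%lld reported=%lld\n", (long long)sent, (long long)rep);
	sent = model_sendfile(10000, 10000, 300, 0, &rep);
	printf("separate: file=%lld reported=%lld\n", (long long)sent, (long long)rep);
	return (0);
}
```

With a 10000-byte file, `nbytes` = 10000 and 300 header bytes, the shared counter stops 300 file bytes early while still reporting 10000 bytes sent, which is why the loss is easy to miss from the caller's side.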
