On Tue, 2016-08-16 at 13:27 -0700, Eric Dumazet wrote:
>
> Look at skb_entail() : It calls tcp_add_write_queue_tail()
>
> And tcp_add_write_queue_tail() looks like :
>
>
> static inline void tcp_add_write_queue_tail(struct sock *sk, struct sk_buff
> *skb)
> {
> __tcp_add_write_queue_tail(sk, skb);
>
> /* Queue it, remembering where we must start sending. */
> if (sk->sk_send_head == NULL) {
> sk->sk_send_head = skb;
>
> if (tcp_sk(sk)->highest_sack == NULL)
> tcp_sk(sk)->highest_sack = skb;
> }
> }
>
>
> So we definitely need to undo what tcp_add_write_queue_tail() did.
So the bug was probably added in 2.6.25
commit 6859d49475d4f32abe640372117e4b687906e6b6
Author: Ilpo Järvinen <[email protected]>
Date: Sun Dec 2 00:48:06 2007 +0200
[TCP]: Abstract tp->highest_sack accessing & point to next skb
Pointing to the next skb is necessary to avoid referencing
already SACKed skbs which will soon be on a separate list.
Signed-off-by: Ilpo Järvinen <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
