git.karo-electronics.de Git - karo-tx-linux.git/commit
ip: fix truesize mismatch in ip fragmentation
author Eric Dumazet <eric.dumazet@gmail.com>
Tue, 21 Sep 2010 08:47:45 +0000 (08:47 +0000)
committer Greg Kroah-Hartman <gregkh@suse.de>
Mon, 21 Mar 2011 19:43:19 +0000 (12:43 -0700)
commit 107ed4220f8884e3ac026636dfc19c45b8fc990a
tree cd6866542cf3f4b2de8806181eb860b53f79e3e7
parent b4ae8715e06c5e10bb6f86bd3085e5c3236ed81e
ip: fix truesize mismatch in ip fragmentation

[ Upstream commit 3d13008e7345fa7a79d8f6438150dc15d6ba6e9d ]

Special care should be taken when slow path is hit in ip_fragment():

When walking through frags, we transfer truesize ownership from skb to
frags. Then if we hit a slow_path condition, we must undo this or risk
uncharging frags->truesize twice, and in the end, having negative socket
sk_wmem_alloc counter, or even freeing socket sooner than expected.

Many thanks to Nick Bowler, who provided a very clean bug report and
test program.

Thanks to Jarek for reviewing my first patch and providing a V2.

While Nick's bisection pointed to commit 2b85a34e911 (net: No more
expensive sock_hold()/sock_put() on each tx), the underlying bug is older
(2.6.12-rc5).

A side effect is to extend work done in commit b2722b1c3a893e
(ip_fragment: also adjust skb->truesize for packets not owned by a
socket) to ipv6 as well.

Reported-and-bisected-by: Nick Bowler <nbowler@elliptictech.com>
Tested-by: Nick Bowler <nbowler@elliptictech.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Jarek Poplawski <jarkao2@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
net/ipv4/ip_output.c
net/ipv6/ip6_output.c
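
The accounting hazard described in the commit message, as an added userspace model (not the kernel code and not part of this commit). All struct and function names are hypothetical, the sizes are constructed, and the model assumes the head buffer's truesize is only reduced once the fragment walk completes.

```c
#include <stddef.h>

/* Simplified userspace model; every name here is hypothetical, not kernel code. */
struct msock { long wmem_alloc; };   /* bytes charged to the socket */
struct mbuf {
    long truesize;                   /* bytes this buffer accounts for */
    long len;                        /* payload length, checked against mtu */
    int charged;                     /* 1: freeing uncharges truesize from the socket */
    struct mbuf *next;               /* fragment chain */
};

/* Freeing uncharges every buffer that is marked as charged. */
static void model_free(struct msock *sk, struct mbuf *head)
{
    for (struct mbuf *b = head; b; b = b->next)
        if (b->charged)
            sk->wmem_alloc -= b->truesize;
}

/* Hand each fragment its share of the charge; a fragment longer than mtu
 * aborts the walk (slow path). undo != 0 restores fragments already marked. */
static void model_walk(struct mbuf *head, long mtu, int undo)
{
    struct mbuf *frag, *f2;
    long moved = 0;

    for (frag = head->next; frag; frag = frag->next) {
        if (frag->len > mtu)
            goto bail;
        frag->charged = 1;
        moved += frag->truesize;
    }
    head->truesize -= moved;         /* assumption: only a complete walk reaches this */
    return;
bail:
    for (f2 = head->next; undo && f2 != frag; f2 = f2->next)
        f2->charged = 0;
}

/* Constructed sizes: head accounts for itself plus three 512-byte fragments. */
long model_run(long mtu, int undo)
{
    struct mbuf f3 = { 512, 2000, 0, NULL }, f2 = { 512, 1000, 0, &f3 };
    struct mbuf f1 = { 512, 1000, 0, &f2 }, head = { 2048, 1000, 1, &f1 };
    struct msock sk = { head.truesize };
    model_walk(&head, mtu, undo);
    model_free(&sk, &head);
    return sk.wmem_alloc;            /* 0 means the accounting balanced */
}
```

With an MTU of 1500 the third fragment forces the bail-out: without the undo the two fragments already marked are uncharged a second time and the counter goes negative, while with the undo it returns to zero.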