# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID 00199ed97fabffc636fb053dfc179c49b0279d84
# Parent 34520c9451ac9d4058d41445be9bda35e66bf6b9
[NET]: Fix segmentation of linear packets
skb_segment fails to segment linear packets correctly because it
tries to write all linear parts of the original skb into each
segment. This will always panic as each segment only contains
enough space for one MSS.
This was not detected earlier because linear packets should be
rare for GSO. In fact it still remains to be seen what exactly
created the linear packets that triggered this bug. Basically
the only time this should happen is if someone enables GSO
emulation on an interface that does not support SG.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
---
linux-2.6-xen-sparse/net/core/skbuff.c | 11 ++----
patches/linux-2.6.16.33/net-gso-6-linear-segmentation.patch | 21 ++++++++++++
patches/linux-2.6.16.33/series | 1
3 files changed, 27 insertions(+), 6 deletions(-)
diff -r 34520c9451ac -r 00199ed97fab linux-2.6-xen-sparse/net/core/skbuff.c
--- a/linux-2.6-xen-sparse/net/core/skbuff.c Fri Dec 15 09:29:15 2006 +0000
+++ b/linux-2.6-xen-sparse/net/core/skbuff.c Fri Dec 15 09:38:56 2006 +0000
@@ -1875,7 +1875,7 @@ struct sk_buff *skb_segment(struct sk_bu
do {
struct sk_buff *nskb;
skb_frag_t *frag;
- int hsize, nsize;
+ int hsize;
int k;
int size;
@@ -1886,11 +1886,10 @@ struct sk_buff *skb_segment(struct sk_bu
hsize = skb_headlen(skb) - offset;
if (hsize < 0)
hsize = 0;
- nsize = hsize + doffset;
- if (nsize > len + doffset || !sg)
- nsize = len + doffset;
-
- nskb = alloc_skb(nsize + headroom, GFP_ATOMIC);
+ if (hsize > len || !sg)
+ hsize = len;
+
+ nskb = alloc_skb(hsize + doffset + headroom, GFP_ATOMIC);
if (unlikely(!nskb))
goto err;
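Review bot: The clamp `if (hsize > len || !sg) hsize = len;` now carries the invariant that the commit message describes, but no comment in the code states it. After this change hsize sizes the allocation, and presumably also bounds the linear copy into nskb, so a later edit that lets the two drift apart would reintroduce the overrun of the segment buffer. I would add a comment above the clamp, for example `/* hsize is the linear payload of this segment: it sizes nskb and bounds the copy, so it must never exceed len */`. The copy that consumes hsize and the rest of the do-loop body are outside this hunk, so it is worth confirming that every later write into nskb's linear area is limited by the clamped value.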
diff -r 34520c9451ac -r 00199ed97fab patches/linux-2.6.16.33/series
--- a/patches/linux-2.6.16.33/series Fri Dec 15 09:29:15 2006 +0000
+++ b/patches/linux-2.6.16.33/series Fri Dec 15 09:38:56 2006 +0000
@@ -17,6 +17,7 @@ net-gso-3-fix-errorcheck.patch
net-gso-3-fix-errorcheck.patch
net-gso-4-kill-warnon.patch
net-gso-5-rcv-mss.patch
+net-gso-6-linear-segmentation.patch
pci-mmconfig-fix-from-2.6.17.patch
pmd-shared.patch
rcu_needs_cpu.patch
diff -r 34520c9451ac -r 00199ed97fab
patches/linux-2.6.16.33/net-gso-6-linear-segmentation.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/linux-2.6.16.33/net-gso-6-linear-segmentation.patch Fri Dec
15 09:38:56 2006 +0000
@@ -0,0 +1,26 @@
+diff -Naru a/net/core/skbuff.c b/net/core/skbuff.c
+--- a/net/core/skbuff.c 2006-12-14 09:32:04 -08:00
++++ b/net/core/skbuff.c 2006-12-14 09:32:04 -08:00
+@@ -1946,7 +1946,7 @@
+ do {
+ struct sk_buff *nskb;
+ skb_frag_t *frag;
+- int hsize, nsize;
++ int hsize;
+ int k;
+ int size;
+
+@@ -1957,11 +1957,10 @@
+ hsize = skb_headlen(skb) - offset;
+ if (hsize < 0)
+ hsize = 0;
+- nsize = hsize + doffset;
+- if (nsize > len + doffset || !sg)
+- nsize = len + doffset;
++ if (hsize > len || !sg)
++ hsize = len;
+
+- nskb = alloc_skb(nsize + headroom, GFP_ATOMIC);
++ nskb = alloc_skb(hsize + doffset + headroom, GFP_ATOMIC);
+ if (unlikely(!nskb))
+ goto err;