ia64/xen-unstable

changeset 13052:00199ed97fab

[NET]: Fix segmentation of linear packets

skb_segment fails to segment linear packets correctly because it
tries to write all linear parts of the original skb into each
segment. This will always panic as each segment only contains
enough space for one MSS.

This was not detected earlier because linear packets should be
rare for GSO. In fact it still remains to be seen what exactly
created the linear packets that triggered this bug. Basically
the only time this should happen is if someone enables GSO
emulation on an interface that does not support SG.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
author kfraser@localhost.localdomain
date Fri Dec 15 09:38:56 2006 +0000 (2006-12-15)
parents 34520c9451ac
children c3425346188c
files linux-2.6-xen-sparse/net/core/skbuff.c patches/linux-2.6.16.33/net-gso-6-linear-segmentation.patch patches/linux-2.6.16.33/series
line diff
     1.1 --- a/linux-2.6-xen-sparse/net/core/skbuff.c	Fri Dec 15 09:29:15 2006 +0000
     1.2 +++ b/linux-2.6-xen-sparse/net/core/skbuff.c	Fri Dec 15 09:38:56 2006 +0000
     1.3 @@ -1875,7 +1875,7 @@ struct sk_buff *skb_segment(struct sk_bu
     1.4  	do {
     1.5  		struct sk_buff *nskb;
     1.6  		skb_frag_t *frag;
     1.7 -		int hsize, nsize;
     1.8 +		int hsize;
     1.9  		int k;
    1.10  		int size;
    1.11  
    1.12 @@ -1886,11 +1886,10 @@ struct sk_buff *skb_segment(struct sk_bu
    1.13  		hsize = skb_headlen(skb) - offset;
    1.14  		if (hsize < 0)
    1.15  			hsize = 0;
    1.16 -		nsize = hsize + doffset;
    1.17 -		if (nsize > len + doffset || !sg)
    1.18 -			nsize = len + doffset;
    1.19 +		if (hsize > len || !sg)
    1.20 +			hsize = len;
    1.21  
    1.22 -		nskb = alloc_skb(nsize + headroom, GFP_ATOMIC);
    1.23 +		nskb = alloc_skb(hsize + doffset + headroom, GFP_ATOMIC);
    1.24  		if (unlikely(!nskb))
    1.25  			goto err;
    1.26  
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/patches/linux-2.6.16.33/net-gso-6-linear-segmentation.patch	Fri Dec 15 09:38:56 2006 +0000
     2.3 @@ -0,0 +1,26 @@
     2.4 +diff -Naru a/net/core/skbuff.c b/net/core/skbuff.c
     2.5 +--- a/net/core/skbuff.c	2006-12-14 09:32:04 -08:00
     2.6 ++++ b/net/core/skbuff.c	2006-12-14 09:32:04 -08:00
     2.7 +@@ -1946,7 +1946,7 @@
     2.8 + 	do {
     2.9 + 		struct sk_buff *nskb;
    2.10 + 		skb_frag_t *frag;
    2.11 +-		int hsize, nsize;
    2.12 ++		int hsize;
    2.13 + 		int k;
    2.14 + 		int size;
    2.15 + 
    2.16 +@@ -1957,11 +1957,10 @@
    2.17 + 		hsize = skb_headlen(skb) - offset;
    2.18 + 		if (hsize < 0)
    2.19 + 			hsize = 0;
    2.20 +-		nsize = hsize + doffset;
    2.21 +-		if (nsize > len + doffset || !sg)
    2.22 +-			nsize = len + doffset;
    2.23 ++		if (hsize > len || !sg)
    2.24 ++			hsize = len;
    2.25 + 
    2.26 +-		nskb = alloc_skb(nsize + headroom, GFP_ATOMIC);
    2.27 ++		nskb = alloc_skb(hsize + doffset + headroom, GFP_ATOMIC);
    2.28 + 		if (unlikely(!nskb))
    2.29 + 			goto err;
     3.1 --- a/patches/linux-2.6.16.33/series	Fri Dec 15 09:29:15 2006 +0000
     3.2 +++ b/patches/linux-2.6.16.33/series	Fri Dec 15 09:38:56 2006 +0000
     3.3 @@ -17,6 +17,7 @@ net-gso-2-checksum-fix.patch
     3.4  net-gso-3-fix-errorcheck.patch
     3.5  net-gso-4-kill-warnon.patch
     3.6  net-gso-5-rcv-mss.patch
     3.7 +net-gso-6-linear-segmentation.patch
     3.8  pci-mmconfig-fix-from-2.6.17.patch
     3.9  pmd-shared.patch
    3.10  rcu_needs_cpu.patch