diff options
author | Eric Dumazet <edumazet@google.com> | 2016-12-09 17:02:05 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-12-10 05:06:10 +0100 |
commit | 3174fed9820edc95cff74ad0934c3240c7fb5115 (patch) | |
tree | 57b6f56d50fe1329c2f93b91921ca59940107def | |
parent | Merge tag 'mac80211-next-for-davem-2016-12-09' of git://git.kernel.org/pub/sc... (diff) | |
download | linux-3174fed9820edc95cff74ad0934c3240c7fb5115.tar.xz linux-3174fed9820edc95cff74ad0934c3240c7fb5115.zip |
net: skb_condense() can also deal with empty skbs
It seems attackers can also send UDP packets with no payload at all.
skb_condense() can still be a win in this case.
It will be possible to replace the custom code in tcp_add_backlog()
to get full benefit from skb_condense()
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/core/skbuff.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 84151cf40aeb..65a74e13c45b 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -4946,16 +4946,20 @@ EXPORT_SYMBOL(pskb_extract); */ void skb_condense(struct sk_buff *skb) { - if (!skb->data_len || - skb->data_len > skb->end - skb->tail || - skb_cloned(skb)) - return; - - /* Nice, we can free page frag(s) right now */ - __pskb_pull_tail(skb, skb->data_len); + if (skb->data_len) { + if (skb->data_len > skb->end - skb->tail || + skb_cloned(skb)) + return; - /* Now adjust skb->truesize, since __pskb_pull_tail() does - * not do this. + /* Nice, we can free page frag(s) right now */ + __pskb_pull_tail(skb, skb->data_len); + } + /* At this point, skb->truesize might be over estimated, + * because skb had a fragment, and fragments do not tell + * their truesize. + * When we pulled its content into skb->head, fragment + * was freed, but __pskb_pull_tail() could not possibly + * adjust skb->truesize, not knowing the frag truesize. */ skb->truesize = SKB_TRUESIZE(skb_end_offset(skb)); } |