summaryrefslogtreecommitdiffstats
path: root/net/bridge/br_netlink.c
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2017-01-27 16:11:27 +0100
committerDavid S. Miller <davem@davemloft.net>2017-01-27 18:03:29 +0100
commit158f323b9868b59967ad96957c4ca388161be321 (patch)
tree507829772e7f0849038baf503f85fe788b0e4340 /net/bridge/br_netlink.c
parentMerge branch 'sfc-encapsulated-filters' (diff)
downloadlinux-158f323b9868b59967ad96957c4ca388161be321.tar.xz
linux-158f323b9868b59967ad96957c4ca388161be321.zip
net: adjust skb->truesize in pskb_expand_head()
Slava Shwartsman reported a warning in skb_try_coalesce(), when we detect skb->truesize is completely wrong. In his case, issue came from IPv6 reassembly coping with malicious datagrams, that forced various pskb_may_pull() to reallocate a bigger skb->head than the one allocated by NIC driver before entering GRO layer. Current code does not change skb->truesize, leaving this burden to callers if they care enough. Blindly changing skb->truesize in pskb_expand_head() is not easy, as some producers might track skb->truesize, for example in xmit path for back pressure feedback (sk->sk_wmem_alloc) We can detect the cases where it should be safe to change skb->truesize : 1) skb is not attached to a socket. 2) If it is attached to a socket, destructor is sock_edemux() My audit gave only two callers doing their own skb->truesize manipulation. I had to remove skb parameter in sock_edemux macro when CONFIG_INET is not set to avoid a compile error. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Slava Shwartsman <slavash@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_netlink.c')
0 files changed, 0 insertions, 0 deletions