Message ID | 20081108230943.GW32552@xi.wantstofly.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Lennert Buytenhek <buytenh@wantstofly.org> Date: Sun, 9 Nov 2008 00:09:43 +0100 > Since skb_reset_tail_pointer() reads skb->data, we need to set > skb->data before calling skb_reset_tail_pointer(). This was causing > spurious skb_over_panic()s from skb_put() being called on a recycled > skb that had its skb->tail set to beyond where it should have been. > > Bug report from Peter van Valderen <linux@ddcrew.com>. > > Signed-off-by: Lennert Buytenhek <buytenh@marvell.com> Applied, thanks a lot Lennert! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 2c218a0..a17117e 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -454,8 +454,8 @@ int skb_recycle_check(struct sk_buff *skb, int skb_size) shinfo->frag_list = NULL; memset(skb, 0, offsetof(struct sk_buff, tail)); - skb_reset_tail_pointer(skb); skb->data = skb->head + NET_SKB_PAD; + skb_reset_tail_pointer(skb); return 1; }
Since skb_reset_tail_pointer() reads skb->data, we need to set skb->data before calling skb_reset_tail_pointer(). This was causing spurious skb_over_panic()s from skb_put() being called on a recycled skb that had its skb->tail set to beyond where it should have been. Bug report from Peter van Valderen <linux@ddcrew.com>. Signed-off-by: Lennert Buytenhek <buytenh@marvell.com> -- Please apply for 2.6.28, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html