[net] tcp: also NULL skb->dev when copy was needed

Message ID	20200320155202.25719-1-fw@strlen.de
State	Accepted
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Florian Westphal <fw@strlen.de> To: <netdev@vger.kernel.org> Cc: Florian Westphal <fw@strlen.de>, Eric Dumazet <edumazet@google.com> Subject: [PATCH net] tcp: also NULL skb->dev when copy was needed Date: Fri, 20 Mar 2020 16:52:02 +0100 Message-Id: <20200320155202.25719-1-fw@strlen.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	[net] tcp: also NULL skb->dev when copy was needed \| expand [net] tcp: also NULL skb->dev when copy was needed

Message ID

20200320155202.25719-1-fw@strlen.de

State

Accepted

Delegated to:

David Miller

Headers

From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>, Eric Dumazet <edumazet@google.com>
Subject: [PATCH net] tcp: also NULL skb->dev when copy was needed
Date: Fri, 20 Mar 2020 16:52:02 +0100
Message-Id: <20200320155202.25719-1-fw@strlen.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

[net] tcp: also NULL skb->dev when copy was needed | expand

Commit Message

Florian Westphal March 20, 2020, 3:52 p.m. UTC

In rare cases retransmit logic will make a full skb copy, which will not
trigger the zeroing added in recent change
b738a185beaa ("tcp: ensure skb->dev is NULL before leaving TCP stack").

Cc: Eric Dumazet <edumazet@google.com>
Fixes: 75c119afe14f ("tcp: implement rb-tree based retransmit queue")
Fixes: 28f8bfd1ac94 ("netfilter: Support iif matches in POSTROUTING")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/ipv4/tcp_output.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Eric Dumazet March 20, 2020, 5:14 p.m. UTC | #1

On 3/20/20 8:52 AM, Florian Westphal wrote:
> In rare cases retransmit logic will make a full skb copy, which will not
> trigger the zeroing added in recent change
> b738a185beaa ("tcp: ensure skb->dev is NULL before leaving TCP stack").
> 
> Cc: Eric Dumazet <edumazet@google.com>
> Fixes: 75c119afe14f ("tcp: implement rb-tree based retransmit queue")
> Fixes: 28f8bfd1ac94 ("netfilter: Support iif matches in POSTROUTING")
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---

Good catch, thanks Florian !

Signed-off-by: Eric Dumazet <edumazet@google.com>

David Miller March 21, 2020, 2:37 a.m. UTC | #2

From: Florian Westphal <fw@strlen.de>
Date: Fri, 20 Mar 2020 16:52:02 +0100

> In rare cases retransmit logic will make a full skb copy, which will not
> trigger the zeroing added in recent change
> b738a185beaa ("tcp: ensure skb->dev is NULL before leaving TCP stack").
> 
> Cc: Eric Dumazet <edumazet@google.com>
> Fixes: 75c119afe14f ("tcp: implement rb-tree based retransmit queue")
> Fixes: 28f8bfd1ac94 ("netfilter: Support iif matches in POSTROUTING")
> Signed-off-by: Florian Westphal <fw@strlen.de>

Applied and queued up for -stable.

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index e8cf8fde3d37..2f45cde168c4 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -3041,8 +3041,12 @@  int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb, int segs)
 
 		tcp_skb_tsorted_save(skb) {
 			nskb = __pskb_copy(skb, MAX_TCP_HEADER, GFP_ATOMIC);
-			err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
-				     -ENOBUFS;
+			if (nskb) {
+				nskb->dev = NULL;
+				err = tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC);
+			} else {
+				err = -ENOBUFS;
+			}
 		} tcp_skb_tsorted_restore(skb);
 
 		if (!err) {

[net] tcp: also NULL skb->dev when copy was needed

Commit Message

Comments

Patch