    [IPV4/IPV6] Ensure all frag_list members have NULL sk · 2fdba6b0
    Herbert Xu authored
    Having frag_list members which hold wmem of an sk leads to nightmares
    with partially cloned frag skb's.  The reason is that once you unleash
    a skb with a frag_list that has individual sk ownerships into the stack
    you can never undo those ownerships safely as they may have been cloned
    by things like netfilter.  Since we have to undo them in order to make
    skb_linearize happy this approach leads to a dead-end.
    
    So let's go the other way and make this an invariant:
    
    	For any skb on a frag_list, skb->sk must be NULL.
    
    That is, the socket ownership always belongs to the head skb.
    It turns out that the implementation is actually pretty simple.
    
    The above invariant is actually violated in the following patch
    for a short duration inside ip_fragment.  This is OK because the
    offending frag_list member is either destroyed at the end of the
    slow path without being sent anywhere, or it is detached from
    the frag_list before being sent.
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: David S. Miller <davem@davemloft.net>
ip_output.c 32.9 KB
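
A simplified userspace model of the invariant stated in the commit message, added here as an illustration; it is not the patch and not kernel code. The structs are loosely modelled on the kernel's, the helpers `set_owner`, `link_frag`, `adopt_frag_list` and `frag_list_violations` are hypothetical, and every fragment is assumed to be charged to the same socket as the head.

```c
/* Simplified userspace model of frag_list ownership; NOT kernel code. */
#include <stdio.h>

struct sock { long wmem_alloc; };      /* bytes charged to the socket */
struct sk_buff {
    struct sock *sk;                   /* owning socket, or NULL */
    unsigned int truesize;             /* bytes this skb accounts for */
    struct sk_buff *frag_list, *next;  /* first fragment / next sibling */
};

/* Charge skb to sk (models taking write-memory ownership). */
static void set_owner(struct sk_buff *skb, struct sock *sk)
{ skb->sk = sk; sk->wmem_alloc += skb->truesize; }

/* Append frag to head's frag_list without touching ownership. */
static void link_frag(struct sk_buff *head, struct sk_buff *frag)
{
    struct sk_buff **pp = &head->frag_list;
    while (*pp) pp = &(*pp)->next;
    frag->next = NULL; *pp = frag;
}

/* Establish the invariant: the head absorbs each member's charge and the
 * member's sk becomes NULL. Assumes owned members are charged to head->sk,
 * so the total charged to the socket does not change. */
static void adopt_frag_list(struct sk_buff *head)
{
    for (struct sk_buff *f = head->frag_list; f; f = f->next)
        if (f->sk) { head->truesize += f->truesize; f->sk = NULL; }
}

/* Count frag_list members that still carry a socket pointer. */
static int frag_list_violations(const struct sk_buff *head)
{
    int bad = 0;
    for (const struct sk_buff *f = head->frag_list; f; f = f->next)
        bad += f->sk != NULL;
    return bad;
}

int main(void)
{
    struct sock sk = {0};
    struct sk_buff head = {0, 512}, f1 = {0, 256}, f2 = {0, 256}; /* constructed */
    set_owner(&head, &sk); set_owner(&f1, &sk); set_owner(&f2, &sk);
    link_frag(&head, &f1); link_frag(&head, &f2);
    int before = frag_list_violations(&head);
    adopt_frag_list(&head);
    printf("violations %d -> %d, wmem %ld\n", before, frag_list_violations(&head), sk.wmem_alloc);
    return 0;
}
```

A checker like `frag_list_violations` is the kind of assertion a debug build could run before handing a head skb to code that may clone it.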