• Jon Paul Maloy's avatar
    tipc: allow non-linear first fragment buffer · f05773e6
    Jon Paul Maloy authored
    [ Upstream commit 45c8b7b1 ]
    
    The current code for message reassembly is erroneously assuming that
    the the first arriving fragment buffer always is linear, and then goes
    ahead resetting the fragment list of that buffer in anticipation of
    more arriving fragments.
    
    However, if the buffer already happens to be non-linear, we will
    inadvertently drop the already attached fragment list, and later
    on trig a BUG() in __pskb_pull_tail().
    
    We see this happen when running fragmented TIPC multicast across UDP,
    something made possible since
    commit d0f91938 ("tipc: add ip/udp media type")
    
    We fix this by not resetting the fragment list when the buffer is non-
    linear, and by initiatlizing our private fragment list tail pointer to
    the tail of the existing fragment list.
    
    Fixes: commit d0f91938 ("tipc: add ip/udp media type")
    Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
    f05773e6
msg.c 12.7 KB