Commit 9f8c53fd authored by Willem de Bruijn's avatar Willem de Bruijn Committed by Stefan Bader

packet: fix reserve calculation

BugLink: https://bugs.launchpad.net/bugs/1777063

[ Upstream commit 9aad13b0 ]

Commit b84bbaf7 ("packet: in packet_snd start writing at link
layer allocation") ensures that packet_snd always starts writing
the link layer header in reserved headroom allocated for this
purpose.

This is needed because packets may be shorter than hard_header_len,
in which case the space up to hard_header_len may be zeroed. But
that necessary padding is not accounted for in skb->len.

The fix, however, is buggy. It calls skb_push, which grows skb->len
when moving skb->data back. But in this case packet length should not
change.

Instead, call skb_reserve, which moves both skb->data and skb->tail
back, without changing length.

Fixes: b84bbaf7 ("packet: in packet_snd start writing at link layer allocation")
Reported-by: default avatarTariq Toukan <tariqt@mellanox.com>
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent 32abb33a
......@@ -2779,7 +2779,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
if (unlikely(offset < 0))
goto out_free;
} else if (reserve) {
skb_push(skb, reserve);
skb_reserve(skb, -reserve);
}
/* Returns -EFAULT on error */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment