Commit f7154d96 authored by Arseniy Krasnov, committed by Paolo Abeni

virtio/vsock: fix header length on skb merging

This fixes appending a newly arrived skbuff to the last skbuff of the
socket's queue. The problem fires when we are trying to append data to an
skbuff which was already processed in the dequeue callback at least once.
The dequeue callback calls function 'skb_pull()' which changes 'skb->len'.
In the current implementation 'skb->len' is used to update the length in the
header of the last skbuff after new data was copied to it. This is a bug,
because the value in the header is used to calculate 'rx_bytes'/'fwd_cnt'
and thus must not be changed during the skbuff's lifetime.

The bug starts to fire since:

commit 07770616
("virtio/vsock: don't use skbuff state to account credit")

It was present before, but wasn't triggered due to a little bit buggy
implementation of the credit calculation logic. So use the Fixes tag for it.

Fixes: 07770616 ("virtio/vsock: don't use skbuff state to account credit")
Signed-off-by: Arseniy Krasnov <AVKrasnov@sberdevices.ru>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
parent 20937353
...@@ -1068,7 +1068,7 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk, ...@@ -1068,7 +1068,7 @@ virtio_transport_recv_enqueue(struct vsock_sock *vsk,
memcpy(skb_put(last_skb, skb->len), skb->data, skb->len); memcpy(skb_put(last_skb, skb->len), skb->data, skb->len);
free_pkt = true; free_pkt = true;
last_hdr->flags |= hdr->flags; last_hdr->flags |= hdr->flags;
last_hdr->len = cpu_to_le32(last_skb->len); le32_add_cpu(&last_hdr->len, len);
goto out; goto out;
} }
} }
......
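Review bot: In the changed line, `le32_add_cpu(&last_hdr->len, len)` grows the header length by `len`, while the `memcpy(skb_put(last_skb, skb->len), ...)` three lines above copies `skb->len` bytes, and the hunk does not show where `len` is assigned. If the two values can ever differ, the header length and the data actually appended diverge, and the `rx_bytes`/`fwd_cnt` accounting described in the commit message drifts. Consider using a single value for both the copy and the header update, or confirm in the surrounding code that `len` is the incoming packet's payload length and equals `skb->len` at this point. A short comment above the line explaining why `last_skb->len` must not be used here (it shrinks after `skb_pull()` in the dequeue callback) would help keep the old form from being reintroduced.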