    net: adjust skb->truesize in pskb_expand_head() · 158f323b
    Eric Dumazet authored
    Slava Shwartsman reported a warning in skb_try_coalesce(), when we
    detect skb->truesize is completely wrong.
    
    In his case, issue came from IPv6 reassembly coping with malicious
    datagrams, that forced various pskb_may_pull() to reallocate a bigger
    skb->head than the one allocated by NIC driver before entering GRO
    layer.
    
    Current code does not change skb->truesize, leaving this burden to
    callers if they care enough.
    
    Blindly changing skb->truesize in pskb_expand_head() is not
    easy, as some producers might track skb->truesize, for example
    in xmit path for back pressure feedback (sk->sk_wmem_alloc).
    
    We can detect the cases where it should be safe to change
    skb->truesize:
    
    1) skb is not attached to a socket.
    2) If it is attached to a socket, destructor is sock_edemux().
    
    My audit gave only two callers doing their own skb->truesize
    manipulation.
    
    I had to remove skb parameter in sock_edemux macro when
    CONFIG_INET is not set to avoid a compile error.
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: Slava Shwartsman <slavash@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
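A user-space model of the two safe cases listed in the commit message, added here as an illustration and not taken from the commit's diff or from kernel source. All `model_*` names, the 256 and 4096 byte sizes and the destructor bodies are assumptions chosen to show why a buffer owned by the xmit path keeps its old truesize.

```c
#include <stddef.h>
#include <stdlib.h>
/* User-space model only: hypothetical stand-ins for sk_buff and sock. */
struct model_sock { size_t wmem_alloc; };     /* bytes charged on the xmit path */
struct model_skb {
    unsigned char *head;
    size_t head_size;                         /* bytes really allocated */
    size_t truesize;                          /* bytes accounted for this buffer */
    struct model_sock *sk;
    void (*destructor)(struct model_skb *);
};
struct model_result { size_t truesize, leftover; };

/* rx-side owner (model assumption): drops a reference, does no byte accounting */
static void model_sock_edemux(struct model_skb *skb) { (void)skb; }
/* xmit-side owner: uncharges truesize, so truesize must match what was charged */
static void model_sock_wfree(struct model_skb *skb) { skb->sk->wmem_alloc -= skb->truesize; }

/* Grow the head by extra bytes; fix up truesize only in the two safe cases. */
static int model_expand_head(struct model_skb *skb, size_t extra)
{
    size_t osize = skb->head_size, size = osize + extra;
    unsigned char *p = realloc(skb->head, size);
    if (!p) return -1;
    skb->head = p;
    skb->head_size = size;
    if (!skb->sk || skb->destructor == model_sock_edemux)
        skb->truesize += size - osize;        /* cases 1) and 2) */
    return 0;
}

/* Constructed scenario: a 256-byte head grown by 4096; leftover 0 means balanced. */
struct model_result model_run(int attached, void (*dtor)(struct model_skb *))
{
    struct model_sock sk = { 0 };
    struct model_skb skb = { malloc(256), 256, 256, attached ? &sk : NULL, dtor };
    struct model_result r = { 0, 0 };
    if (!skb.head) return r;
    if (dtor == model_sock_wfree)
        sk.wmem_alloc += skb.truesize;        /* charge at queue time */
    (void)model_expand_head(&skb, 4096);
    r.truesize = skb.truesize;
    if (skb.sk && dtor)
        dtor(&skb);                           /* release ownership */
    r.leftover = sk.wmem_alloc;               /* what the socket still thinks it owes */
    free(skb.head);
    return r;
}
```

In this model, growing truesize for the `model_sock_wfree` case would make the destructor subtract 4352 from a 256-byte charge and wrap `wmem_alloc`, which is the kind of accounting the commit message avoids disturbing.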
af_netlink.c 61 KB