Commit 9aad13b0 authored by Willem de Bruijn's avatar Willem de Bruijn Committed by David S. Miller

packet: fix reserve calculation

Commit b84bbaf7 ("packet: in packet_snd start writing at link
layer allocation") ensures that packet_snd always starts writing
the link layer header in reserved headroom allocated for this
purpose.

This is needed because packets may be shorter than hard_header_len,
in which case the space up to hard_header_len may be zeroed. But
that necessary padding is not accounted for in skb->len.

The fix, however, is buggy. It calls skb_push, which grows skb->len
when moving skb->data back. But in this case packet length should not
change.

Instead, call skb_reserve, which moves both skb->data and skb->tail
back, without changing length.

Fixes: b84bbaf7 ("packet: in packet_snd start writing at link layer allocation")
Reported-by: default avatarTariq Toukan <tariqt@mellanox.com>
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d546b67c
...@@ -2911,7 +2911,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) ...@@ -2911,7 +2911,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
if (unlikely(offset < 0)) if (unlikely(offset < 0))
goto out_free; goto out_free;
} else if (reserve) { } else if (reserve) {
skb_push(skb, reserve); skb_reserve(skb, -reserve);
} }
/* Returns -EFAULT on error */ /* Returns -EFAULT on error */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment