Commit d4810200 authored by Evgeniy Polyakov, committed by David S. Miller

[XFRM]: skb_cow_data() does not set proper owner for new skbs.

It looks like skb_cow_data() does not set 
proper owner for newly created skb.

If we have several fragments for skb and some of them
are shared(?) or cloned (like in async IPsec) there 
might be a situation when we require recreating skb and 
thus using skb_copy() for it.
Newly created skb has neither a destructor nor a socket
associated with it, which must be copied from the old skb.
As far as I can see, current code sets destructor and socket
for the first one skb only and uses truesize of the first skb
only to increment sk_wmem_alloc value.

If above "analysis" is correct then attached patch fixes that.
Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent f7383c22
...@@ -698,7 +698,7 @@ int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer) ...@@ -698,7 +698,7 @@ int skb_cow_data(struct sk_buff *skb, int tailbits, struct sk_buff **trailer)
return -ENOMEM; return -ENOMEM;
if (skb1->sk) if (skb1->sk)
skb_set_owner_w(skb, skb1->sk); skb_set_owner_w(skb2, skb1->sk);
/* Looking around. Are we still alive? /* Looking around. Are we still alive?
* OK, link new skb, drop old one */ * OK, link new skb, drop old one */
......
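Review bot: The `if (skb1->sk)` branch carries no comment saying why the owner goes to `skb2`, and the commit message itself hedges on the analysis, so the accounting intent should be stated in the code. A one-line comment above the call noting that the copy inherits the socket of the fragment it replaces would help, since the old line passed `skb`, the head, and per the commit message charged only the first skb's truesize to sk_wmem_alloc. It is also worth confirming in the lines that follow ("link new skb, drop old one") that dropping `skb1` releases its own charge, so the socket's write-memory count stays balanced after `skb2` is charged.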