[ 074/167] [PATCH 14/26] tcp: fix tcp_trim_head()

From: Ben Hutchings
Date: Wed May 09 2012 - 02:06:35 EST

Next message: Ben Hutchings: "[ 149/167] [PATCH] iwlwifi: fix hardware queue programming"
Previous message: Jeffrey Merkey: "[ANNOUNCE] Blowfish PHP implementation for Linux (fast, easier tomaintain, and doesn't require Linux PEAR and all those wierd bin modules)"
In reply to: Larry Finger: "Re: [ 166/167] [PATCH] staging: r8712u: Fix regression caused bycommit 8c213fa"
Next in thread: Jonathan Nieder: "Re: [ 074/167] [PATCH 14/26] tcp: fix tcp_trim_head()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.2-stable review patch. If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <eric.dumazet@xxxxxxxxx>

[ Upstream commit 4fa48bf3c75069d636fc8830743c929a062e80dc ]

commit f07d960df3 (tcp: avoid frag allocation for small frames)
breaked assumption in tcp stack that skb is either linear (skb->data_len
== 0), or fully fragged (skb->data_len == skb->len)

tcp_trim_head() made this assumption, we must fix it.

Thanks to Vijay for providing a very detailed explanation.

Reported-by: Vijay Subramanian <subramanian.vijay@xxxxxxxxx>
Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
net/ipv4/tcp_output.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 097e0c7..7413437 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1093,6 +1093,13 @@ static void __pskb_trim_head(struct sk_buff *skb, int len)
{
int i, k, eat;

+ eat = min_t(int, len, skb_headlen(skb));
+ if (eat) {
+ __skb_pull(skb, eat);
+ len -= eat;
+ if (!len)
+ return;
+ }
eat = len;
k = 0;
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
@@ -1124,11 +1131,7 @@ int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
return -ENOMEM;

- /* If len == headlen, we avoid __skb_pull to preserve alignment. */
- if (unlikely(len < skb_headlen(skb)))
- __skb_pull(skb, len);
- else
- __pskb_trim_head(skb, len - skb_headlen(skb));
+ __pskb_trim_head(skb, len);

TCP_SKB_CB(skb)->seq += len;
skb->ip_summed = CHECKSUM_PARTIAL;
--
1.7.10

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Hutchings: "[ 149/167] [PATCH] iwlwifi: fix hardware queue programming"
Previous message: Jeffrey Merkey: "[ANNOUNCE] Blowfish PHP implementation for Linux (fast, easier tomaintain, and doesn't require Linux PEAR and all those wierd bin modules)"
In reply to: Larry Finger: "Re: [ 166/167] [PATCH] staging: r8712u: Fix regression caused bycommit 8c213fa"
Next in thread: Jonathan Nieder: "Re: [ 074/167] [PATCH 14/26] tcp: fix tcp_trim_head()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]