Re: [PATCH 2/4] wan/hdlc_x25: fix skb handling

From: Martin Schiller
Date: Mon Apr 08 2019 - 02:07:07 EST


On 2019-04-05 21:15, David Miller wrote:
From: Martin Schiller <ms@xxxxxxxxxx>
Date: Fri, 05 Apr 2019 08:56:44 +0200

On 2019-04-05 02:32, David Miller wrote:
From: Martin Schiller <ms@xxxxxxxxxx>
Date: Wed, 3 Apr 2019 07:01:16 +0200

/* X.25 to LAPB */
switch (skb->data[0]) {
case X25_IFACE_DATA: /* Data to be transmitted */
- skb_pull(skb, 1);
- if ((result = lapb_data_request(dev, skb)) != LAPB_OK)
- dev_kfree_skb(skb);
- return NETDEV_TX_OK;
+ skbn = skb_copy(skb, GFP_ATOMIC);
+ skb_pull(skbn, 1);
+ skb_reset_network_header(skbn);
+ if ((result = lapb_data_request(dev, skbn)) != LAPB_OK)
+ dev_kfree_skb(skbn);
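Review bot: the result of skb_copy(skb, GFP_ATOMIC) on the first added line is passed straight to skb_pull(skbn, 1) without a NULL check. skb_copy() returns NULL when the atomic allocation fails, so under memory pressure this dereferences a NULL pointer in the transmit path. Test skbn right after the copy and drop the frame on failure before skb_pull() or skb_reset_network_header() touch it. Separately, with `return NETDEV_TX_OK;` removed, the quoted lines do not show how the X25_IFACE_DATA case now ends. It should end in a `break` so that it reaches the common free of 'skb' and does not fall through into the next case.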
This leaks 'skb'.

What exactly do you mean?
'skb' will get freed at the end of x25_xmit() function:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/net/wan/hdlc_x25.c#n129

Then why was it freed here in the original code?

In the original code, 'skb' is only freed here if lapb_data_request()
returns a value != LAPB_OK, which is the case when the skb can't be
queued for transmission. Otherwise 'skb' won't be freed here in the
"X25_IFACE_DATA" case.

What my change does is that 'skb' is copied to 'skbn' before the skb_pull
of the first byte, to fix the problem that tracing layer3 (ETH_P_X25)
packets results in a malformed first byte of the packets, because the
original "skb" will get modified before the frame reaches the tcpdump
output.

Everything else works like before.