From: Sabrina Dubroca <s...@queasysnail.net>
Date: Fri, 2 Dec 2016 16:49:29 +0100
> geneve{,6}_build_skb can end up doing a pskb_expand_head(), which
> makes the ip_hdr(skb) reference we stashed earlier stale. Since it's
> only needed as an argument to ip_tunnel_ecn_encap(), move this
> directly in the function call.
>
> Fixes: 08399efc6319 ("geneve: ensure ECN info is handled properly in all
> tx/rx paths")
> Signed-off-by: Sabrina Dubroca <s...@queasysnail.net>
Applied and queued up for -stable, thanks.
This bug happens so many times that I think it might be time for
a debugging mode for pskb_expand_head() that unconditionally
reallocates the skb->data buffer regardless of whether it's
necessary or not and somehow unmaps the previous buffer to
force a trap on stale pointers.
Better ideas welcome, of course :)
