From: Eric Dumazet <eric.duma...@gmail.com>
Date: Fri, 27 Jan 2017 07:11:27 -0800

> From: Eric Dumazet <eduma...@google.com>
>
> Slava Shwartsman reported a warning in skb_try_coalesce(), when we
> detect skb->truesize is completely wrong.
>
> In his case, issue came from IPv6 reassembly coping with malicious
> datagrams, that forced various pskb_may_pull() to reallocate a bigger
> skb->head than the one allocated by NIC driver before entering GRO
> layer.
>
> Current code does not change skb->truesize, leaving this burden to
> callers if they care enough.
>
> Blindly changing skb->truesize in pskb_expand_head() is not
> easy, as some producers might track skb->truesize, for example
> in xmit path for back pressure feedback (sk->sk_wmem_alloc)
>
> We can detect the cases where it should be safe to change
> skb->truesize :
>
> 1) skb is not attached to a socket.
> 2) If it is attached to a socket, destructor is sock_edemux()
>
> My audit gave only two callers doing their own skb->truesize
> manipulation.
>
> I had to remove skb parameter in sock_edemux macro when
> CONFIG_INET is not set to avoid a compile error.
>
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Slava Shwartsman <slav...@mellanox.com>

Looks good, applied, thanks Eric.