[INET]: Prevent out-of-sync truesize on ip_fragment slow path When ip_fragment has to hit the slow path the value of skb->truesize may go out of sync because we would have updated it without changing the packet length. This violates the constraints on truesize. This patch postpones the update of skb->truesize to prevent this. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 29ffe1a5c52dae13b6efead97aab9b058f38fce4 [log] [tgz]
author: Herbert Xu <herbert@gondor.apana.org.au> Mon Jan 28 20:45:20 2008 -0800
committer: David S. Miller <davem@davemloft.net> Thu Jan 31 19:27:07 2008 -0800
tree: bcca1391f02a01cf1b2d5942a06d392ac0f5be11
parent: 1987e7b4855fcb6a866d3279ee9f2890491bc34d [diff] [blame]
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 15c4f6c..cfe9e707 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c

@@ -636,6 +636,7 @@
 
 	if (skb_shinfo(skb)->frag_list) {
 		int first_len = skb_pagelen(skb);
+		int truesizes = 0;
 
 		if (first_len - hlen > mtu ||
 		    ((first_len - hlen) & 7) ||
@@ -658,7 +659,7 @@
 				sock_hold(skb->sk);
 				frag->sk = skb->sk;
 				frag->destructor = sock_wfree;
-				skb->truesize -= frag->truesize;
+				truesizes += frag->truesize;
 			}
 		}
 
@@ -689,6 +690,7 @@
 
 		first_len = skb_pagelen(skb);
 		skb->data_len = first_len - skb_headlen(skb);
+		skb->truesize -= truesizes;
 		skb->len = first_len;
 		ipv6_hdr(skb)->payload_len = htons(first_len -
 						   sizeof(struct ipv6hdr));
commit	29ffe1a5c52dae13b6efead97aab9b058f38fce4	[log] [tgz]
author	Herbert Xu <herbert@gondor.apana.org.au>	Mon Jan 28 20:45:20 2008 -0800
committer	David S. Miller <davem@davemloft.net>	Thu Jan 31 19:27:07 2008 -0800
tree	bcca1391f02a01cf1b2d5942a06d392ac0f5be11
parent	1987e7b4855fcb6a866d3279ee9f2890491bc34d [diff] [blame]