Eric Dumazet 3d13008e73 ip: fix truesize mismatch in ip fragmentation ...

Special care should be taken when slow path is hit in ip_fragment() :

When walking through frags, we transfert truesize ownership from skb to
frags. Then if we hit a slow_path condition, we must undo this or risk
uncharging frags->truesize twice, and in the end, having negative socket
sk_wmem_alloc counter, or even freeing socket sooner than expected.

Many thanks to Nick Bowler, who provided a very clean bug report and
test program.

Thanks to Jarek for reviewing my first patch and providing a V2

While Nick bisection pointed to commit 2b85a34e911 (net: No more
expensive sock_hold()/sock_put() on each tx), underlying bug is older
(2.6.12-rc5)

A side effect is to extend work done in commit b2722b1c3a893e
(ip_fragment: also adjust skb->truesize for packets not owned by a
socket) to ipv6 as well.

Reported-and-bisected-by: Nick Bowler <nbowler@elliptictech.com>
Tested-by: Nick Bowler <nbowler@elliptictech.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Jarek Poplawski <jarkao2@gmail.com>
CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

2010-09-21 15:05:50 -07:00

..

netfilter

netfilter: discard overlapping IPv6 fragment

2010-09-07 13:57:21 -07:00

addrconf_core.c

ipv6: Remove IPV6_ADDR_RESERVED

2010-02-26 03:59:07 -08:00

addrconf.c

Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

2010-07-27 21:01:35 -07:00

addrlabel.c

net: CONFIG_NET_NS reduction

2010-06-02 05:16:23 -07:00

af_inet6.c

inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage()

2010-07-12 20:21:46 -07:00

ah6.c

include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

2010-03-30 22:02:32 +09:00

anycast.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

datagram.c

udp: add rehash on connect()

2010-09-08 21:45:01 -07:00

esp6.c

xfrm: SA lookups signature with mark

2010-02-22 16:20:22 -08:00

exthdrs_core.c

[NET] IPV6: Fix whitespace errors.

2007-02-10 23:19:42 -08:00

exthdrs.c

ipv6: avoid two atomics in ipv6_rthdr_rcv()

2010-06-14 23:13:06 -07:00

fib6_rules.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

icmp.c

ipv6: fix ICMP6_MIB_OUTERRORS

2010-06-09 18:39:27 -07:00

inet6_connection_sock.c

ipv6: Refactor update of IPv6 flowi destination address for srcrt (RH) option

2010-06-02 07:08:31 -07:00

inet6_hashtables.c

tcp: Fix a connect() race with timewait sockets

2009-12-08 20:17:51 -08:00

ip6_fib.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

ip6_flowlabel.c

IPv6: Add dontfrag argument to relevant functions

2010-04-23 23:35:28 -07:00

ip6_input.c

Merge branch 'master' of /repos/git/net-next-2.6

2010-04-20 16:02:01 +02:00

ip6_output.c

ip: fix truesize mismatch in ip fragmentation

2010-09-21 15:05:50 -07:00

ip6_tunnel.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

ip6mr.c

ipmr: dont corrupt lists

2010-06-07 02:57:14 -07:00

ipcomp6.c

xfrm: SA lookups signature with mark

2010-02-22 16:20:22 -08:00

ipv6_sockglue.c

ipv6: remove ipv6_statistics

2010-06-25 21:33:17 -07:00

Kconfig

ipv6: ip6mr: support multiple tables

2010-05-11 14:40:55 +02:00

Makefile

[IPV6] MROUTE: Support multicast forwarding.

2008-04-05 22:33:38 +09:00

mcast.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

mip6.c

IPv6: fix CoA check in RH2 input handler (mip6_rthdr_input())

2010-07-18 15:04:33 -07:00

ndisc.c

Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

2010-07-07 15:59:38 -07:00

netfilter.c

netfilter: kill redundant check code in which setting ip_summed value

2010-06-14 16:20:02 +02:00

proc.c

snmp: 64bit ipstats_mib for all arches

2010-06-30 13:31:19 -07:00

protocol.c

net: constify struct inet6_protocol

2009-09-14 17:03:05 -07:00

raw.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

reassembly.c

ipv6: discard overlapping fragment

2010-09-07 13:57:21 -07:00

route.c

ipv6: remove sysctl jiffies conversion on gc_elasticity and min_adv_mss

2010-08-14 22:42:51 -07:00

sit.c

net-next: remove useless union keyword

2010-06-10 23:31:35 -07:00

syncookies.c

syncookies: add support for ECN

2010-06-26 22:00:03 -07:00

sysctl_net_ipv6.c

include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

2010-03-30 22:02:32 +09:00

tcp_ipv6.c

inet, inet6: make tcp_sendmsg() and tcp_sendpage() through inet_sendmsg() and inet_sendpage()

2010-07-12 20:21:46 -07:00

tunnel6.c

include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

2010-03-30 22:02:32 +09:00

udp_impl.h

net: Make setsockopt() optlen be unsigned.

2009-09-30 16:12:20 -07:00

udp.c

udp: add rehash on connect()

2010-09-08 21:45:01 -07:00

udplite.c

net: spread __net_init, __net_exit

2010-01-17 19:16:02 -08:00

xfrm6_input.c

netfilter: ipv6: use NFPROTO values for NF_HOOK invocation

2010-03-25 16:00:49 +01:00

xfrm6_mode_beet.c

ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer

2008-08-06 02:40:25 -07:00

xfrm6_mode_ro.c

[IPSEC]: Make x->lastused an unsigned long

2008-01-28 14:53:52 -08:00

xfrm6_mode_transport.c

[IPSEC]: Use IPv6 calling convention as the convention for x->mode->output

2007-10-10 16:55:54 -07:00

xfrm6_mode_tunnel.c

include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

2010-03-30 22:02:32 +09:00

xfrm6_output.c

netfilter: ipv6: use NFPROTO values for NF_HOOK invocation

2010-03-25 16:00:49 +01:00

xfrm6_policy.c

xfrm: fix xfrm by MARK logic

2010-07-04 11:46:07 -07:00

xfrm6_state.c

xfrm: Allow different selector family in temporary state

2010-09-20 11:11:38 -07:00

xfrm6_tunnel.c

include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

2010-03-30 22:02:32 +09:00