From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Jan Beulich"
Subject: another GSO bug fix backport?
Date: Fri, 15 Dec 2006 07:58:45 +0000
Message-ID: <458263C5.76E4.0078.0@novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Herbert Xu, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Wouldn't it be good to add below patch to the set of Xen's GSO backports?

Jan

[NET]: Fix segmentation of linear packets

skb_segment fails to segment linear packets correctly because it tries to write all linear parts of the original skb into each segment. This will always panic as each segment only contains enough space for one MSS.

This was not detected earlier because linear packets should be rare for GSO. In fact it still remains to be seen what exactly created the linear packets that triggered this bug. Basically the only time this should happen is if someone enables GSO emulation on an interface that does not support SG.

Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller

GIT: c8884edd078748905552d667857259e5358e1232

diff -Naru a/net/core/skbuff.c b/net/core/skbuff.c --- a/net/core/skbuff.c 2006-12-14 09:32:04 -08:00 +++ b/net/core/skbuff.c 2006-12-14 09:32:04 -08:00 @@ -1946,7 +1946,7 @@ do { struct sk_buff *nskb; skb_frag_t *frag; - int hsize, nsize; + int hsize; int k; int size; @@ -1957,11 +1957,10 @@ hsize = skb_headlen(skb) - offset; if (hsize < 0) hsize = 0; - nsize = hsize + doffset; - if (nsize > len + doffset || !sg) - nsize = len + doffset; + if (hsize > len || !sg) + hsize = len; - nskb = alloc_skb(nsize + headroom, GFP_ATOMIC); + nskb = alloc_skb(hsize + doffset + headroom, GFP_ATOMIC); if (unlikely(!nskb)) goto err;
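
Review bot: in the second hunk (@@ -1957,11 +1957,10 @@), the `!sg` arm of `if (hsize > len || !sg)` sets `hsize = len` even when `skb_headlen(skb) - offset` was smaller than `len` or had just been clamped to 0, so from this line on hsize no longer means "linear bytes left in the original skb" but "bytes that go into the linear area of nskb". The code that consumes hsize is outside the visible context, so a one-line comment above the clamp stating that meaning would help, and for a backport it is worth confirming that the target tree's uses of hsize after alloc_skb() match, since the allocation is now sized directly from it as `hsize + doffset + headroom`.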