* [PATCH net-next] net: skb_condense() can also deal with empty skbs
@ 2016-12-09 16:02 Eric Dumazet
2016-12-10 4:07 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Eric Dumazet @ 2016-12-09 16:02 UTC (permalink / raw)
To: David Miller; +Cc: netdev
From: Eric Dumazet <edumazet@google.com>
It seems attackers can also send UDP packets with no payload at all.
skb_condense() can still be a win in this case.
It will be possible to replace the custom code in tcp_add_backlog()
to get full benefit from skb_condense()
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
net/core/skbuff.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 84151cf40aebb973bad5bee3ee4be0758084d83c..b1451e66d570269252ce628b2dc1714b860e1ca4 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4946,16 +4946,20 @@ EXPORT_SYMBOL(pskb_extract);
*/
void skb_condense(struct sk_buff *skb)
{
- if (!skb->data_len ||
- skb->data_len > skb->end - skb->tail ||
- skb_cloned(skb))
- return;
-
- /* Nice, we can free page frag(s) right now */
- __pskb_pull_tail(skb, skb->data_len);
+ if (skb->data_len) {
+ if (skb->data_len > skb->end - skb->tail ||
+ skb_cloned(skb))
+ return;
- /* Now adjust skb->truesize, since __pskb_pull_tail() does
- * not do this.
+ /* Nice, we can free page frag(s) right now */
+ __pskb_pull_tail(skb, skb->data_len);
+ }
+ /* At this point, skb->truesize might be over estimated,
+ * because skb had a fragment, and fragments do not tell
+ * their truesize.
+ * When we pulled its content into skb->head, fragment
+ * was freed, but __pskb_pull_tail() could not possibly
+ * adjust skb->truesize, not knowing the frag truesize.
*/
skb->truesize = SKB_TRUESIZE(skb_end_offset(skb));
}
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] net: skb_condense() can also deal with empty skbs
2016-12-09 16:02 [PATCH net-next] net: skb_condense() can also deal with empty skbs Eric Dumazet
@ 2016-12-10 4:07 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2016-12-10 4:07 UTC (permalink / raw)
To: eric.dumazet; +Cc: netdev
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Fri, 09 Dec 2016 08:02:05 -0800
> From: Eric Dumazet <edumazet@google.com>
>
> It seems attackers can also send UDP packets with no payload at all.
>
> skb_condense() can still be a win in this case.
>
> It will be possible to replace the custom code in tcp_add_backlog()
> to get full benefit from skb_condense()
>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
Applied.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-12-10 4:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-09 16:02 [PATCH net-next] net: skb_condense() can also deal with empty skbs Eric Dumazet
2016-12-10 4:07 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).