git.baikalelectronics.ru Git - kernel.git/commit

author	Willem de Bruijn <willemb@google.com>
	Fri, 7 Jun 2019 21:57:48 +0000 (17:57 -0400)
committer	David S. Miller <davem@davemloft.net>
	Tue, 11 Jun 2019 18:40:54 +0000 (11:40 -0700)
commit	ebfc10341a97ab817f104c0d7410c84d258b0d82
tree	74e958e6694bd5adbd77ffc23e88f760f494c03f	tree \| snapshot
parent	2c9376e32e6c05bb2b0be5142de32c926cd26382	commit \| diff

net: correct udp zerocopy refcnt also when zerocopy only on append

The below patch fixes an incorrect zerocopy refcnt increment when
appending with MSG_MORE to an existing zerocopy udp skb.

  send(.., MSG_ZEROCOPY | MSG_MORE); // refcnt 1
  send(.., MSG_ZEROCOPY | MSG_MORE); // refcnt still 1 (bar frags)

But it missed that zerocopy need not be passed at the first send. The
right test whether the uarg is newly allocated and thus has extra
refcnt 1 is not !skb, but !skb_zcopy.

  send(.., MSG_MORE); // <no uarg>
  send(.., MSG_ZEROCOPY); // refcnt 1

Fixes: 866554534e343 ("net: correct zerocopy refcnt with udp MSG_MORE")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/ip_output.c		diff \| blob \| history
net/ipv6/ip6_output.c		diff \| blob \| history