diff options
| author | Greg Kroah-Hartman <gregkh@suse.de> | 2011-08-01 15:59:18 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-08-01 15:59:18 -0700 |
| commit | 38fd5b6f5c3025413b6fa40c4cc06287ca5e40a3 (patch) | |
| tree | 4eb918c82721a07051c7f9a0866b2c402ea5b31c | |
| parent | 2622409bea3196b6bc9a164ff35d529fa1a3dc49 (diff) | |
| download | stable-queue-38fd5b6f5c3025413b6fa40c4cc06287ca5e40a3.tar.gz | |
2.6.39 patches
| -rw-r--r-- | queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch | 40 | ||||
| -rw-r--r-- | queue-2.6.39/series | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch b/queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch new file mode 100644 index 0000000000..87c2502be7 --- /dev/null +++ b/queue-2.6.39/gro-only-reset-frag0-when-skb-can-be-pulled.patch @@ -0,0 +1,40 @@ +From 17dd759c67f21e34f2156abcf415e1f60605a188 Mon Sep 17 00:00:00 2001 +From: Herbert Xu <herbert@gondor.apana.org.au> +Date: Wed, 27 Jul 2011 06:16:28 -0700 +Subject: gro: Only reset frag0 when skb can be pulled + +From: Herbert Xu <herbert@gondor.apana.org.au> + +commit 17dd759c67f21e34f2156abcf415e1f60605a188 upstream. + +Currently skb_gro_header_slow unconditionally resets frag0 and +frag0_len. However, when we can't pull on the skb this leaves +the GRO fields in an inconsistent state. + +This patch fixes this by only resetting those fields after the +pskb_may_pull test. + +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + include/linux/netdevice.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -1680,9 +1680,12 @@ static inline int skb_gro_header_hard(st + static inline void *skb_gro_header_slow(struct sk_buff *skb, unsigned int hlen, + unsigned int offset) + { ++ if (!pskb_may_pull(skb, hlen)) ++ return NULL; ++ + NAPI_GRO_CB(skb)->frag0 = NULL; + NAPI_GRO_CB(skb)->frag0_len = 0; +- return pskb_may_pull(skb, hlen) ? skb->data + offset : NULL; ++ return skb->data + offset; + } + + static inline void *skb_gro_mac_header(struct sk_buff *skb) diff --git a/queue-2.6.39/series b/queue-2.6.39/series index 65f1e3532a..fc479c23d1 100644 --- a/queue-2.6.39/series +++ b/queue-2.6.39/series @@ -67,3 +67,4 @@ vfs-fix-race-in-rcu-lookup-of-pruned-dentry.patch cifs-fix-wsize-negotiation-to-respect-max-buffer-size-and.patch cifs-lower-default-and-max-wsize-to-what-2.6.39-can-handle.patch bridge-send-proper-message_age-in-config-bpdu.patch +gro-only-reset-frag0-when-skb-can-be-pulled.patch |