projects / platform / kernel / kernel-mfld-blackbay.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9dd014e) | patch
gro: Fix use after free in tcp_gro_receive
authorHerbert Xu <herbert@gondor.apana.org.au>
Fri, 17 Apr 2009 09:34:38 +0000 (02:34 -0700)
committerDavid S. Miller <davem@davemloft.net>
Fri, 17 Apr 2009 09:34:38 +0000 (02:34 -0700)
commita0a69a0106dab8d20596f97f6674bed3b394d1ee
tree2477a32cab5f8afdb1c158f0b151048ee7afc594tree | snapshot
parent9dd014eb9804f19d6230c3cbc10fa25f5416bda7commit | diff
gro: Fix use after free in tcp_gro_receive

After calling skb_gro_receive skb->len can no longer be relied
on since if the skb was merged using frags, then its pages will
have been removed and the length reduced.

This caused tcp_gro_receive to prematurely end merging which
resulted in suboptimal performance with ixgbe.

The fix is to store skb->len on the stack.

Reported-by: Mark Wagner <mwagner@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/tcp.c diff | blob | history
Domain: System / Uncategorized;