summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-04-18 21:43:31 -0700
committerGreg Kroah-Hartman <gregkh@suse.de>2006-04-24 09:56:03 -0700
commit5d0b6f2bdaf7e016e750cd24164a241512d968a3 (patch)
tree63cc8e4a8124a6d8fa3f8acc22d08ed7adc206ac /net
parent9d9c917ebaf0185248e80d6b4a589b8b4d193947 (diff)
downloadkernel-common-5d0b6f2bdaf7e016e750cd24164a241512d968a3.tar.gz
kernel-common-5d0b6f2bdaf7e016e750cd24164a241512d968a3.tar.bz2
kernel-common-5d0b6f2bdaf7e016e750cd24164a241512d968a3.zip
[PATCH] Fix truesize underflow
[TCP]: Fix truesize underflow There is a problem with the TSO packet trimming code. The cause of this lies in the tcp_fragment() function. When we allocate a fragment for a completely non-linear packet the truesize is calculated for a payload length of zero. This means that truesize could in fact be less than the real payload length. When that happens the TSO packet trimming can cause truesize to become negative. This in turn can cause sk_forward_alloc to be -n * PAGE_SIZE which would trigger the warning. I've copied the code DaveM used in tso_fragment which should work here. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/tcp_output.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 9f498a6c8895..310f2e610582 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -537,7 +537,9 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
buff = sk_stream_alloc_skb(sk, nsize, GFP_ATOMIC);
if (buff == NULL)
return -ENOMEM; /* We'll just try again later. */
- sk_charge_skb(sk, buff);
+
+ buff->truesize = skb->len - len;
+ skb->truesize -= buff->truesize;
/* Correct the sequence numbers. */
TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;