From: Jon Maloy <jon.ma...@ericsson.com>
Date: Mon, 20 Jun 2016 09:20:46 -0400

> When extracting an individual message from a received "bundle" buffer,
> we just create a clone of the base buffer, and adjust it to point into
> the right position of the linearized data area of the latter. This works
> well for regular message reception, but during periods of extremely high
> load it may happen that an extracted buffer, e.g., a connection probe, is
> reversed and forwarded through an external interface while the preceding
> extracted message is still unhandled. When this happens, the header or
> data area of the preceding message will be partially overwritten by a
> MAC header, leading to unpredictable consequences, such as a link
> reset.
> 
> We now fix this by ensuring that the msg_reverse() function never
> returns a cloned buffer, and that the returned buffer always contains
> sufficient valid head and tail room to be forwarded.
> 
> Reported-by: Erik Hugne <erik.hu...@gmail.com>
> Acked-by: Ying Xue <ying....@windriver.com>
> Signed-off-by: Jon Maloy <jon.ma...@ericsson.com>

Applied.
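
A user-space model of the failure described in the commit message, added here as an illustration; it is not the TIPC patch or kernel code. The `struct buf` type, the helper names, the 16-byte message size and the 14-byte Ethernet header are assumptions made for the example, and the address reversal itself is not modelled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAC_HLEN 14 /* Ethernet header length (assumed link type) */
#define MSG_LEN  16 /* constructed size of each bundled message */

/* Hypothetical stand-in for an sk_buff: a view into some storage. */
struct buf { uint8_t *data; size_t len; };

/* Extraction by cloning: no copy, only a pointer into the bundle's data. */
static struct buf extract_clone(uint8_t *bundle, int idx) {
    struct buf b = { bundle + (size_t)idx * MSG_LEN, MSG_LEN };
    return b;
}

/* Model of the fix: private copy with headroom; store >= MAC_HLEN + len. */
static struct buf private_copy(const struct buf *src, uint8_t *store) {
    struct buf b = { store + MAC_HLEN, src->len };
    memcpy(b.data, src->data, src->len);
    return b;
}

/* What the outgoing interface does: prepend a MAC header before the data. */
static void push_mac(struct buf *b) {
    b->data -= MAC_HLEN;
    b->len += MAC_HLEN;
    memset(b->data, 0xEE, MAC_HLEN);
}

/* Forward message 1 while message 0 is unhandled; count damaged bytes of 0. */
int corrupted_bytes(int use_fix) {
    uint8_t bundle[2 * MSG_LEN], store[MAC_HLEN + MSG_LEN];
    int bad = 0;
    memset(bundle, 0xA0, MSG_LEN);           /* message 0 (constructed) */
    memset(bundle + MSG_LEN, 0xB1, MSG_LEN); /* message 1, e.g. a probe */
    struct buf m0 = extract_clone(bundle, 0), m1 = extract_clone(bundle, 1);
    struct buf out = use_fix ? private_copy(&m1, store) : m1;
    push_mac(&out); /* on a clone this lands in message 0's data area */
    for (size_t i = 0; i < m0.len; i++)
        bad += (m0.data[i] != 0xA0);
    return bad;
}

int main(void) {
    printf("clone: %d, copy: %d\n", corrupted_bytes(0), corrupted_bytes(1));
    return 0;
}
```

With the clone, the header written in front of message 1 overwrites the tail of message 0; with the private copy, the bundle is untouched.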
