I would merge this with #2, which is about the same function, and the problem introduced by the same commit. Also, add a "Fixes" line with reference to the commit which introduced this problem. Then we should make sure that the merged commit is sent to "stable 4.4" at the same time as that commit, which I was planning to post soon anyway. I can do that, as soon as this one is upstream and we have a commit reference.
///jon > -----Original Message----- > From: Parthasarathy Bhuvaragan > Sent: Thursday, April 27, 2017 07:54 AM > To: [email protected]; Jon Maloy > <[email protected]>; Ying Xue <[email protected]> > Subject: [PATCH net v1 6/6] tipc: reassign pointers after skb reallocation / > linearization > > In tipc_msg_reverse(), we assign skb attributes to local pointers in stack at > startup. This is followed by skb_linearize() and for cloned buffers we perform > skb relocation using pskb_expand_head(). > Both these methods may update the skb attributes and thus making the > pointers incorrect. > > In this commit, we fix this error by ensuring that the pointers are > re-assigned > after any of these skb operations. > > Signed-off-by: Parthasarathy Bhuvaragan > <[email protected]> > --- > net/tipc/msg.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/net/tipc/msg.c b/net/tipc/msg.c index > ab3087687a32..98edfa6d3b2d 100644 > --- a/net/tipc/msg.c > +++ b/net/tipc/msg.c > @@ -479,13 +479,15 @@ bool tipc_msg_make_bundle(struct sk_buff **skb, > struct tipc_msg *msg, bool tipc_msg_reverse(u32 own_node, struct > sk_buff **skb, int err) { > struct sk_buff *_skb = *skb; > - struct tipc_msg *hdr = buf_msg(_skb); > + struct tipc_msg *hdr; > struct tipc_msg ohdr; > - int dlen = min_t(uint, msg_data_sz(hdr), MAX_FORWARD_SIZE); > + int dlen; > > if (skb_linearize(_skb)) > goto exit; > + > hdr = buf_msg(_skb); > + dlen = min_t(uint, msg_data_sz(hdr), MAX_FORWARD_SIZE); > if (msg_dest_droppable(hdr)) > goto exit; > if (msg_errcode(hdr)) > @@ -511,6 +513,8 @@ bool tipc_msg_reverse(u32 own_node, struct > sk_buff **skb, int err) > pskb_expand_head(_skb, BUF_HEADROOM, BUF_TAILROOM, > GFP_ATOMIC)) > goto exit; > > + /* reassign after skb header modifications */ > + hdr = buf_msg(_skb); > /* Now reverse the concerned fields */ > msg_set_errcode(hdr, err); > msg_set_origport(hdr, msg_destport(&ohdr)); > -- > 2.1.4 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ tipc-discussion mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tipc-discussion
