git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	Willem de Bruijn <willemb@google.com>
	Fri, 7 Jun 2019 21:57:48 +0000 (17:57 -0400)
committer	David S. Miller <davem@davemloft.net>
	Tue, 11 Jun 2019 18:40:54 +0000 (11:40 -0700)
commit	522924b583082f51b8a2406624a2f27c22119b20
tree	74e958e6694bd5adbd77ffc23e88f760f494c03f	tree \| snapshot
parent	dce5ccccd1231c6eaec5ede80bce85f2ae536826	commit \| diff

net: correct udp zerocopy refcnt also when zerocopy only on append

The below patch fixes an incorrect zerocopy refcnt increment when
appending with MSG_MORE to an existing zerocopy udp skb.

  send(.., MSG_ZEROCOPY | MSG_MORE); // refcnt 1
  send(.., MSG_ZEROCOPY | MSG_MORE); // refcnt still 1 (bar frags)

But it missed that zerocopy need not be passed at the first send. The
right test whether the uarg is newly allocated and thus has extra
refcnt 1 is not !skb, but !skb_zcopy.

  send(.., MSG_MORE); // <no uarg>
  send(.., MSG_ZEROCOPY); // refcnt 1

Fixes: 100f6d8e09905 ("net: correct zerocopy refcnt with udp MSG_MORE")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv4/ip_output.c		diff \| blob \| history
net/ipv6/ip6_output.c		diff \| blob \| history