[NETFILTER]: Use pskb_trim in {ip,ip6,nfnetlink}_queue
authorPatrick McHardy <kaber@trash.net>
Wed, 15 Nov 2006 03:48:09 +0000 (19:48 -0800)
committerDavid S. Miller <davem@sunset.davemloft.net>
Thu, 16 Nov 2006 05:18:48 +0000 (21:18 -0800)
Based on patch by James D. Nurmi:

I've got some code very dependent on nfnetlink_queue, and turned up a
large number of warns coming from skb_trim.  While it's quite possibly
my code, having not seen it on older kernels made me a bit suspect.

Anyhow, based on some googling I turned up this thread:
http://lkml.org/lkml/2006/8/13/56

And believe the issue to be related, so attached is a small patch to
the kernel -- not sure if this is completely correct, but for anyone
else hitting the WARN_ON(1) in skbuff.h, it might be helpful..

Signed-off-by: James D. Nurmi <jdnurmi@gmail.com>
Ported to ip6_queue and nfnetlink_queue and added return value
checks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/ip_queue.c
net/ipv6/netfilter/ip6_queue.c
net/netfilter/nfnetlink_queue.c

index 7edad790478a36f66688bc9d36ab1c3a2d9277d7..97556cc2e4e0cfc969bd6a4dc6429b061c4d45f2 100644 (file)
@@ -351,9 +351,10 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
        if (v->data_len < sizeof(*user_iph))
                return 0;
        diff = v->data_len - e->skb->len;
-       if (diff < 0)
-               skb_trim(e->skb, v->data_len);
-       else if (diff > 0) {
+       if (diff < 0) {
+               if (pskb_trim(e->skb, v->data_len))
+                       return -ENOMEM;
+       } else if (diff > 0) {
                if (v->data_len > 0xFFFF)
                        return -EINVAL;
                if (diff > skb_tailroom(e->skb)) {
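Review bot: The `v->data_len > 0xFFFF` limit is still checked only inside the `diff > 0` branch, so the new trim branch is entered on the sign of `diff` alone. `diff` is an `int` computed from `v->data_len - e->skb->len`; if `data_len` is an unsigned type wider than `int` (its declaration is outside the hunk), an oversized value can come out negative, and `pskb_trim()` returns 0 without trimming when the requested length is not smaller than `skb->len`. Placing the bound ahead of the subtraction, `if (v->data_len > 0xFFFF) return -EINVAL;` directly before `diff = v->data_len - e->skb->len;`, keeps the sign test reliable whatever the caller validated. The ipq_mangle_ipv6 hunk in ip6_queue.c has the same shape; confirm the bound suits that protocol before applying the same change there. The function body continues past the end of the hunk, so the effect on the code after the branch is inferred.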
index 9510c24ca8d225a04e42d74d4a131fe555da28b5..9fec832ee08b00057a68afc375c323fe7d42842e 100644 (file)
@@ -349,9 +349,10 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
        if (v->data_len < sizeof(*user_iph))
                return 0;
        diff = v->data_len - e->skb->len;
-       if (diff < 0)
-               skb_trim(e->skb, v->data_len);
-       else if (diff > 0) {
+       if (diff < 0) {
+               if (pskb_trim(e->skb, v->data_len))
+                       return -ENOMEM;
+       } else if (diff > 0) {
                if (v->data_len > 0xFFFF)
                        return -EINVAL;
                if (diff > skb_tailroom(e->skb)) {
index 6e4ada3c1844dde85e8ef81cbe1c00a4cd834f29..e815a9aa6e95dfbffd7b04a28bd944d0cd27101b 100644 (file)
@@ -622,9 +622,10 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
        int diff;
 
        diff = data_len - e->skb->len;
-       if (diff < 0)
-               skb_trim(e->skb, data_len);
-       else if (diff > 0) {
+       if (diff < 0) {
+               if (pskb_trim(e->skb, data_len))
+                       return -ENOMEM;
+       } else if (diff > 0) {
                if (data_len > 0xFFFF)
                        return -EINVAL;
                if (diff > skb_tailroom(e->skb)) {
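Review bot: `data_len` is a signed `int` in nfqnl_mangle and nothing in the hunk rejects a negative value before it is handed to `pskb_trim()`, whose length parameter is unsigned. A negative `data_len` would make `diff` negative, take the trim branch, and leave the skb untouched because the converted length is larger than `skb->len`. Presumably the caller only passes a validated attribute payload length, but that is outside the hunk. A guard before `diff = data_len - e->skb->len;`, `if (data_len < 0) return -EINVAL;`, or a comment naming where the length is validated, would make the assumption explicit.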