aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOlaf Kirch <olaf.kirch@oracle.com>2007-06-23 23:11:52 -0700
committerDavid S. Miller <davem@davemloft.net>2007-06-23 23:11:52 -0700
commit5b5a60da281c767196427ce8144deae6ec46b389 (patch)
tree02ac728c14eb8fa0bd49ac8ede6f15e760ddc3f3
parent515e06c4556bd8388db6b2bb2cd8859126932946 (diff)
downloadkernel_samsung_aries-5b5a60da281c767196427ce8144deae6ec46b389.zip
kernel_samsung_aries-5b5a60da281c767196427ce8144deae6ec46b389.tar.gz
kernel_samsung_aries-5b5a60da281c767196427ce8144deae6ec46b389.tar.bz2
[NET]: Make skb_seq_read unmap the last fragment
Having walked through the entire skbuff, skb_seq_read would leave the last fragment mapped. As a consequence, the unwary caller would leak kmaps, and proceed with preempt_count off by one. The only (kind of non-intuitive) workaround is to use skb_seq_read_abort. This patch makes sure skb_seq_read always unmaps frag_data after having cycled through the skb's paged part. Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/core/skbuff.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 8d43ae6..27cfe5f 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1706,6 +1706,11 @@ next_skb:
st->stepped_offset += frag->size;
}
+ if (st->frag_data) {
+ kunmap_skb_frag(st->frag_data);
+ st->frag_data = NULL;
+ }
+
if (st->cur_skb->next) {
st->cur_skb = st->cur_skb->next;
st->frag_idx = 0;