• Daniel Borkmann's avatar
    net: sctp: keep owned chunk in destructor_arg instead of skb->cb · f869c912
    Daniel Borkmann authored
    It's just silly to hold the skb destructor argument around inside
    skb->cb[] as we currently do in SCTP.
    
    Nowadays, we're sort of cheating on data accounting in the sense
    that due to commit 4c3a5bda ("sctp: Don't charge for data in
    sndbuf again when transmitting packet"), we orphan the skb already
    in the SCTP output path, i.e. giving back charged data memory, and
    use a different destructor only to make sure the sk doesn't vanish
    on skb destruction time. Thus, cb[] is still valid here as we
    operate within the SCTP layer. (It's generally actually a big
    candidate for future rework, imho.)
    
    However, storing the destructor in the cb[] can easily cause issues
    should an non sctp_packet_set_owner_w()'ed skb ever escape the SCTP
    layer, since cb[] may get overwritten by lower layers and thus can
    corrupt the chunk pointer. There are no such issues at present,
    but lets keep the chunk in destructor_arg, as this is the actual
    purpose for it.
    Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
    Acked-by: default avatarVlad Yasevich <vyasevich@gmail.com>
    Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    f869c912
socket.c 207 KB