Commit d8a585d7 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Use pskb_trim in {ip,ip6,nfnetlink}_queue

Based on patch by James D. Nurmi:

I've got some code very dependant on nfnetlink_queue, and turned up a
large number of warns coming from skb_trim.  While it's quite possibly
my code, having not seen it on older kernels made me a bit suspect.

Anyhow, based on some googling I turned up this thread:
http://lkml.org/lkml/2006/8/13/56

And believe the issue to be related, so attached is a small patch to
the kernel -- not sure if this is completely correct, but for anyone
else hitting the WARN_ON(1) in skbuff.h, it might be helpful..
Signed-off-by: default avatarJames D. Nurmi <jdnurmi@gmail.com>

Ported to ip6_queue and nfnetlink_queue and added return value
checks.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7fdeaf68
...@@ -351,9 +351,10 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) ...@@ -351,9 +351,10 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
if (v->data_len < sizeof(*user_iph)) if (v->data_len < sizeof(*user_iph))
return 0; return 0;
diff = v->data_len - e->skb->len; diff = v->data_len - e->skb->len;
if (diff < 0) if (diff < 0) {
skb_trim(e->skb, v->data_len); if (pskb_trim(e->skb, v->data_len))
else if (diff > 0) { return -ENOMEM;
} else if (diff > 0) {
if (v->data_len > 0xFFFF) if (v->data_len > 0xFFFF)
return -EINVAL; return -EINVAL;
if (diff > skb_tailroom(e->skb)) { if (diff > skb_tailroom(e->skb)) {
......
...@@ -349,9 +349,10 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) ...@@ -349,9 +349,10 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
if (v->data_len < sizeof(*user_iph)) if (v->data_len < sizeof(*user_iph))
return 0; return 0;
diff = v->data_len - e->skb->len; diff = v->data_len - e->skb->len;
if (diff < 0) if (diff < 0) {
skb_trim(e->skb, v->data_len); if (pskb_trim(e->skb, v->data_len))
else if (diff > 0) { return -ENOMEM;
} else if (diff > 0) {
if (v->data_len > 0xFFFF) if (v->data_len > 0xFFFF)
return -EINVAL; return -EINVAL;
if (diff > skb_tailroom(e->skb)) { if (diff > skb_tailroom(e->skb)) {
......
...@@ -622,9 +622,10 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) ...@@ -622,9 +622,10 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
int diff; int diff;
diff = data_len - e->skb->len; diff = data_len - e->skb->len;
if (diff < 0) if (diff < 0) {
skb_trim(e->skb, data_len); if (pskb_trim(e->skb, data_len))
else if (diff > 0) { return -ENOMEM;
} else if (diff > 0) {
if (data_len > 0xFFFF) if (data_len > 0xFFFF)
return -EINVAL; return -EINVAL;
if (diff > skb_tailroom(e->skb)) { if (diff > skb_tailroom(e->skb)) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment