summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2016-12-09 19:02:05 +0300
committerDavid S. Miller <davem@davemloft.net>2016-12-10 07:06:10 +0300
commit3174fed9820edc95cff74ad0934c3240c7fb5115 (patch)
tree57b6f56d50fe1329c2f93b91921ca59940107def /net
parent5ac9efbe1c825d624eb557e633683c07ee03465b (diff)
downloadlinux-3174fed9820edc95cff74ad0934c3240c7fb5115.tar.xz
net: skb_condense() can also deal with empty skbs
It seems attackers can also send UDP packets with no payload at all. skb_condense() can still be a win in this case. It will be possible to replace the custom code in tcp_add_backlog() to get full benefit from skb_condense() Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/core/skbuff.c22
1 files changed, 13 insertions, 9 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 84151cf40aeb..65a74e13c45b 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4946,16 +4946,20 @@ EXPORT_SYMBOL(pskb_extract);
*/
void skb_condense(struct sk_buff *skb)
{
- if (!skb->data_len ||
- skb->data_len > skb->end - skb->tail ||
- skb_cloned(skb))
- return;
-
- /* Nice, we can free page frag(s) right now */
- __pskb_pull_tail(skb, skb->data_len);
+ if (skb->data_len) {
+ if (skb->data_len > skb->end - skb->tail ||
+ skb_cloned(skb))
+ return;
- /* Now adjust skb->truesize, since __pskb_pull_tail() does
- * not do this.
+ /* Nice, we can free page frag(s) right now */
+ __pskb_pull_tail(skb, skb->data_len);
+ }
+ /* At this point, skb->truesize might be over estimated,
+ * because skb had a fragment, and fragments do not tell
+ * their truesize.
+ * When we pulled its content into skb->head, fragment
+ * was freed, but __pskb_pull_tail() could not possibly
+ * adjust skb->truesize, not knowing the frag truesize.
*/
skb->truesize = SKB_TRUESIZE(skb_end_offset(skb));
}