[PATCH net v2] net: fix up skbs delta_truesize in UDP GRO frag_list

patchwork-bot+netdevbpf at kernel.org patchwork-bot+netdevbpf at kernel.org
Wed Mar 2 22:20:11 PST 2022


Hello:

This patch was applied to netdev/net.git (master)
by Jakub Kicinski <kuba at kernel.org>:

On Tue, 1 Mar 2022 19:17:09 +0800 you wrote:
> The truesize for a UDP GRO packet is added by main skb and skbs in main
> skb's frag_list:
> skb_gro_receive_list
>         p->truesize += skb->truesize;
> 
> The commit 53475c5dd856 ("net: fix use-after-free when UDP GRO with
> shared fraglist") introduced a truesize increase for frag_list skbs.
> When uncloning skb, it will call pskb_expand_head and trusesize for
> frag_list skbs may increase. This can occur when allocators uses
> __netdev_alloc_skb and not jump into __alloc_skb. This flow does not
> use ksize(len) to calculate truesize while pskb_expand_head uses.
> skb_segment_list
> err = skb_unclone(nskb, GFP_ATOMIC);
> pskb_expand_head
>         if (!skb->sk || skb->destructor == sock_edemux)
>                 skb->truesize += size - osize;
> 
> [...]

Here is the summary with links:
  - [net,v2] net: fix up skbs delta_truesize in UDP GRO frag_list
    https://git.kernel.org/netdev/net/c/224102de2ff1

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html





More information about the Linux-mediatek mailing list