|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [linux-2.6.18-xen] [NET] netloop: Do not clobber cloned skb page frags
# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1185977806 -3600
# Node ID 8d5ae51a09a66ff450b46ebb09ff99475604ed91
# Parent 1372bc676080a527c98cd4de82637edd319794e7
[NET] netloop: Do not clobber cloned skb page frags
The netloop driver tries to localise foreign mappings by
copying them. Unfortunately, it does so by directly modifying
skb page frags without checking whether the skb is cloned or
not. In fact, the packet is going to be cloned more often
than not.
This may result in either data corruption on DMA or a
page fault in dom0 which kills the whole machine.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
drivers/xen/netback/loopback.c | 4 ++++
1 files changed, 4 insertions(+)
diff -r 1372bc676080 -r 8d5ae51a09a6 drivers/xen/netback/loopback.c
--- a/drivers/xen/netback/loopback.c Wed Aug 01 09:23:46 2007 +0100
+++ b/drivers/xen/netback/loopback.c Wed Aug 01 15:16:46 2007 +0100
@@ -99,6 +99,10 @@ static int skb_remove_foreign_references
BUG_ON(skb_shinfo(skb)->frag_list);
+ if (skb_cloned(skb) &&
+ unlikely(pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
+ return 0;
+
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
pfn = page_to_pfn(skb_shinfo(skb)->frags[i].page);
if (!is_foreign(pfn))
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |