[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [NET] netloop: Do not clobber cloned skb page frags



Hi Keir:

This patch is required for anyone still using netloop.

[NET] netloop: Do not clobber cloned skb page frags

The netloop driver tries to localise foreign mappings by
copying them.  Unfortunately, it does so by directly modifying
skb page frags without checking whether the skb is cloned or
not.  In fact, the packet is going to be cloned more often
than not.

This may result in either data corruption on DMA or a
page fault in dom0 which kills the whole machine.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r 88a17da7f336 drivers/xen/netback/loopback.c
--- a/drivers/xen/netback/loopback.c    Thu Jul 26 16:36:52 2007 +0100
+++ b/drivers/xen/netback/loopback.c    Tue Jul 31 18:59:11 2007 +0800
@@ -99,6 +99,10 @@ static int skb_remove_foreign_references
 
        BUG_ON(skb_shinfo(skb)->frag_list);
 
+       if (skb_cloned(skb) &&
+           unlikely(pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
+               return 0;
+
        for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
                pfn = page_to_pfn(skb_shinfo(skb)->frags[i].page);
                if (!is_foreign(pfn))

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.