Sophie: kernel-2.6.18-238.el5 src

kernel-2.6.18-238.el5.src.rpm

From: Hideo AOKI <haoki@redhat.com>
Date: Wed, 23 Jan 2008 03:48:22 -0500
Subject: [net] fix potential SKB invalid truesize bug
Message-id: 4796FF56.10207@redhat.com
O-Subject: [RHEL 5.2 PATCH] bz#:429417 fix potential SKB invalid truesize bug
Bugzilla: 429417

Hello,

BZ#:
------
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id429417

Description:
------------
Current kernel has a potential issue on calculating truesize of skb.
bz#223593 exposed this bug. To fix the bug, two patches were submitted
to netdev mailing list recently thanks to David and Herbert.
I back-ported them to RHEL5.

Upstream Status:
----------------
The patches were applied to net-2.6 tree.

http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=d4ec8e0d2895bab3d84c1314191ec31953cc5c93
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=d53bdc4ed9d4473810af9c07597ae43cf4b5f900

Test Status:
------------
I confirmed that -72.el5 kernel with this patch and patch set bz#223593
passed rhts Connectathon NFS test correctly.

Acked-by: "David S. Miller" <davem@redhat.com>
Acked-by: Alexander Viro <aviro@redhat.com>
Acked-by: Neil Horman <nhorman@redhat.com>

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 8c01b40..d744b2b 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1023,8 +1023,6 @@ alloc_new_skb:
 
 				skb_fill_page_desc(skb, i, page, 0, 0);
 				frag = &skb_shinfo(skb)->frags[i];
-				skb->truesize += PAGE_SIZE;
-				atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc);
 			} else {
 				err = -EMSGSIZE;
 				goto error;
@@ -1037,6 +1035,8 @@ alloc_new_skb:
 			frag->size += copy;
 			skb->len += copy;
 			skb->data_len += copy;
+			skb->truesize += copy;
+			atomic_add(copy, &sk->sk_wmem_alloc);
 		}
 		offset += copy;
 		length -= copy;
@@ -1181,6 +1181,8 @@ ssize_t	ip_append_page(struct sock *sk, struct page *page,
 
 		skb->len += len;
 		skb->data_len += len;
+		skb->truesize += len;
+		atomic_add(len, &sk->sk_wmem_alloc);
 		offset += len;
 		size -= len;
 	}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 5770ba7..e69d424 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1229,8 +1229,6 @@ alloc_new_skb:
 
 				skb_fill_page_desc(skb, i, page, 0, 0);
 				frag = &skb_shinfo(skb)->frags[i];
-				skb->truesize += PAGE_SIZE;
-				atomic_add(PAGE_SIZE, &sk->sk_wmem_alloc);
 			} else {
 				err = -EMSGSIZE;
 				goto error;
@@ -1243,6 +1241,8 @@ alloc_new_skb:
 			frag->size += copy;
 			skb->len += copy;
 			skb->data_len += copy;
+			skb->truesize += copy;
+			atomic_add(copy, &sk->sk_wmem_alloc);
 		}
 		offset += copy;
 		length -= copy;