Sophie


kernel-2.6.18-238.el5.src.rpm

From: mchristi@redhat.com <mchristi@redhat.com>
Date: Mon, 8 Jun 2009 10:35:28 -0500
Subject: [net] skb_seq_read: wrong offset/len for page frag data
Message-id: 1244475328-8044-1-git-send-email-mchristi@redhat.com
O-Subject: [PATCH] RHEL 5.4: net: fix skb_seq_read returning wrong offset/length for page frag data
Bugzilla: 501308
RH-Acked-by: David Miller <davem@redhat.com>
RH-Acked-by: Neil Horman <nhorman@redhat.com>

From: Mike Christie <mchristi@redhat.com>

This is for BZ 501308.

From the upstream commit in the net git tree:
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=995b337952cdf7e05d288eede580257b632a8343

When called with a consumed value that is less than skb_headlen(skb)
bytes into a page frag, skb_seq_read() incorrectly returns an
offset/length relative to skb->data. Ensure that data which should come
from a page frag does.

Testing:
The problem was found and fixed by Dell/Equallogic. They verified the fix
with our kernel, and did minimal regression testing.

I did not have a bnx2x card, so I just did iscsi IO tests with other drivers
I have here (e1000, ixgbe, cxgb3 and bnx2) to check for regressions with
that code path.

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 6bd609d..8113351 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -1715,7 +1715,7 @@ unsigned int skb_seq_read(unsigned int consumed, const u8 **data,
 next_skb:
 	block_limit = skb_headlen(st->cur_skb) + st->stepped_offset;
 
-	if (abs_offset < block_limit) {
+	if (abs_offset < block_limit && !st->frag_data) {
 		*data = st->cur_skb->data + (abs_offset - st->stepped_offset);
 		return block_limit - abs_offset;
 	}
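
Review bot: The new `!st->frag_data` test sits directly under the `next_skb:` label, so it is re-evaluated every time the iterator jumps back here for another skb, and the hunk does not show where `st->frag_data` is cleared. Please confirm that every path reaching `next_skb` has already unmapped the current frag and reset `st->frag_data` to NULL; if a stale non-NULL pointer can survive the jump, the linear head of the next skb would be skipped and the caller would receive an offset/length from the wrong region. A one-line comment above the condition would also help, stating that a non-NULL `frag_data` means a page frag is currently mapped and the data must be served from it rather than from `st->cur_skb->data`. Since testing was limited to iSCSI I/O on a few drivers, a note on whether other `skb_seq_read()` callers were exercised would be useful in the changelog.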