Sophie

kernel-2.6.18-194.11.1.el5.src.rpm

From: Herbert Xu <herbert.xu@redhat.com>
Subject: [RHEL5.1 PATCH] [XEN] netloop: Do not clobber cloned skb page frags
Date: Wed, 1 Aug 2007 21:35:59 +0800
Bugzilla: 249683
Message-Id: <20070801133559.GA3907@gondor.apana.org.au>
Changelog: [XEN] netloop: Do not clobber cloned skb page frags


Hi:

RHEL5.1 BZ 249683

May also fix 246304

This is not yet submitted upstream to Xen but I'll do it
right now.  I do not foresee any problems there.

[XEN] netloop: Do not clobber cloned skb page frags

The netloop driver tries to localise foreign mappings by
copying them.  Unfortunately, it does so by directly modifying
skb page frags without checking whether the skb is cloned or
not.  In fact, the packet is going to be cloned more often
than not.

This may result in either data corruption on DMA or a
page fault in dom0 which kills the whole machine.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r 88a17da7f336 drivers/xen/netback/loopback.c
--- a/drivers/xen/netback/loopback.c	Thu Jul 26 16:36:52 2007 +0100
+++ b/drivers/xen/netback/loopback.c	Tue Jul 31 18:59:11 2007 +0800
@@ -99,6 +99,10 @@ static int skb_remove_foreign_references
 
 	BUG_ON(skb_shinfo(skb)->frag_list);
 
+	if (skb_cloned(skb) &&
+	    unlikely(pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
+		return 0;
+
 	for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
 		pfn = page_to_pfn(skb_shinfo(skb)->frags[i].page);
 		if (!is_foreign(pfn))
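
Review bot: the new `return 0` taken when `pskb_expand_head()` fails, in the lines added ahead of the frag loop, depends on the caller treating 0 as "could not localise, drop the packet", and the hunk does not show that contract. Please confirm the caller frees the skb on this path rather than passing it on with foreign frags still attached; with `GFP_ATOMIC` the allocation can fail under memory pressure, so the path is reachable. A one-line comment stating that the zero-headroom `pskb_expand_head(skb, 0, 0, GFP_ATOMIC)` is there only to obtain a private copy of the shared info before `frags[]` is rewritten would also help later readers.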
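
The clobbering described in the commit message, as a simplified user-space model added here (not code from the patch or from Xen). All `m_*` names, the "negative page number means foreign" rule and the "1 means success" return value are assumptions made for the illustration.

```c
#include <stdlib.h>

#define NR_FRAGS 2

/* Model of skb_shared_info: the frag table, shared by all clones. */
struct m_shinfo { int dataref; int frag_page[NR_FRAGS]; };
/* Model of sk_buff: a clone is a second header pointing at the same shinfo. */
struct m_skb { struct m_shinfo *shinfo; };

static int m_is_foreign(int page) { return page < 0; } /* constructed rule */
static int m_cloned(const struct m_skb *s) { return s->shinfo->dataref > 1; }

/* Stands in for pskb_expand_head(skb, 0, 0, ...): take a private shinfo copy. */
static int m_unshare(struct m_skb *s)
{
	struct m_shinfo *priv = malloc(sizeof(*priv));
	if (!priv) return -1;
	*priv = *s->shinfo;
	priv->dataref = 1;
	s->shinfo->dataref--;
	s->shinfo = priv;
	return 0;
}

/* Replace foreign frags with local ones; unshare_first = patched behaviour.
 * Returns 1 on success, 0 on failure (assumed convention). */
static int m_remove_foreign(struct m_skb *s, int unshare_first)
{
	if (unshare_first && m_cloned(s) && m_unshare(s))
		return 0;
	for (int i = 0; i < NR_FRAGS; i++)
		if (m_is_foreign(s->shinfo->frag_page[i]))
			s->shinfo->frag_page[i] = 100 + i; /* "local copy" page */
	return 1;
}

/* Returns 1 if the clone's view of the frags changed behind its back. */
static int clone_clobbered(int unshare_first)
{
	struct m_shinfo shared = { .dataref = 2, .frag_page = { -7, 5 } };
	struct m_skb skb = { &shared }, clone = { &shared }; /* constructed pair */
	m_remove_foreign(&skb, unshare_first);
	int clobbered = clone.shinfo->frag_page[0] != -7;
	if (skb.shinfo != &shared)
		free(skb.shinfo);
	return clobbered;
}

int main(void) { return clone_clobbered(1); } /* exits 0: clone left intact */
```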