From: Stephen Hemminger Date: Wed, 17 Jun 2009 12:17:34 +0000 (+0000) Subject: skbuff: don't corrupt mac_header on skb expansion X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=603a8bbe62e54108055fca46ecdd611c10c6cd0a;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git skbuff: don't corrupt mac_header on skb expansion The skb mac_header field is sometimes NULL (or ~0u) as a sentinel value. The places where skb is expanded add an offset which would change this flag into an invalid pointer (or offset). Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller --- diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 436695d8deb8..a4c01f5c6585 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -661,7 +661,8 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) /* {transport,network,mac}_header are relative to skb->head */ new->transport_header += offset; new->network_header += offset; - new->mac_header += offset; + if (skb_mac_header_was_set(new)) + new->mac_header += offset; #endif skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size; skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs; @@ -843,7 +844,8 @@ int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail, skb->tail += off; skb->transport_header += off; skb->network_header += off; - skb->mac_header += off; + if (skb_mac_header_was_set(skb)) + skb->mac_header += off; skb->csum_start += nhead; skb->cloned = 0; skb->hdr_len = 0; @@ -935,7 +937,8 @@ struct sk_buff *skb_copy_expand(const struct sk_buff *skb, #ifdef NET_SKBUFF_DATA_USES_OFFSET n->transport_header += off; n->network_header += off; - n->mac_header += off; + if (skb_mac_header_was_set(skb)) + n->mac_header += off; #endif return n;