From 5b5a60da281c767196427ce8144deae6ec46b389 Mon Sep 17 00:00:00 2001 From: Olaf Kirch Date: Sat, 23 Jun 2007 23:11:52 -0700 Subject: [PATCH] [NET]: Make skb_seq_read unmap the last fragment Having walked through the entire skbuff, skb_seq_read would leave the last fragment mapped. As a consequence, the unwary caller would leak kmaps, and proceed with preempt_count off by one. The only (kind of non-intuitive) workaround is to use skb_seq_read_abort. This patch makes sure skb_seq_read always unmaps frag_data after having cycled through the skb's paged part. Signed-off-by: Olaf Kirch Signed-off-by: David S. Miller --- net/core/skbuff.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 8d43ae6979e5..27cfe5fe4bb9 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -1706,6 +1706,11 @@ next_skb: st->stepped_offset += frag->size; } + if (st->frag_data) { + kunmap_skb_frag(st->frag_data); + st->frag_data = NULL; + } + if (st->cur_skb->next) { st->cur_skb = st->cur_skb->next; st->frag_idx = 0; -- 2.20.1