Commit ced14f68 authored by Simon Horman's avatar Simon Horman Committed by David S. Miller

net: Correct comparisons and calculations using skb->tail and skb-transport_header

This corrects an regression introduced by "net: Use 16bits for *_headers
fields of struct skbuff" when NET_SKBUFF_DATA_USES_OFFSET is not set. In
that case skb->tail will be a pointer whereas skb->transport_header
will be an offset from head. This is corrected by using wrappers that
ensure that comparisons and calculations are always made using pointers.
Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent be8b678c
...@@ -134,12 +134,14 @@ static inline int INET_ECN_set_ce(struct sk_buff *skb) ...@@ -134,12 +134,14 @@ static inline int INET_ECN_set_ce(struct sk_buff *skb)
{ {
switch (skb->protocol) { switch (skb->protocol) {
case cpu_to_be16(ETH_P_IP): case cpu_to_be16(ETH_P_IP):
if (skb->network_header + sizeof(struct iphdr) <= skb->tail) if (skb_network_header(skb) + sizeof(struct iphdr) <=
skb_tail_pointer(skb))
return IP_ECN_set_ce(ip_hdr(skb)); return IP_ECN_set_ce(ip_hdr(skb));
break; break;
case cpu_to_be16(ETH_P_IPV6): case cpu_to_be16(ETH_P_IPV6):
if (skb->network_header + sizeof(struct ipv6hdr) <= skb->tail) if (skb_network_header(skb) + sizeof(struct ipv6hdr) <=
skb_tail_pointer(skb))
return IP6_ECN_set_ce(ipv6_hdr(skb)); return IP6_ECN_set_ce(ipv6_hdr(skb));
break; break;
} }
......
...@@ -1724,7 +1724,7 @@ static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev) ...@@ -1724,7 +1724,7 @@ static void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev)
skb_reset_mac_header(skb2); skb_reset_mac_header(skb2);
if (skb_network_header(skb2) < skb2->data || if (skb_network_header(skb2) < skb2->data ||
skb2->network_header > skb2->tail) { skb_network_header(skb2) > skb_tail_pointer(skb2)) {
net_crit_ratelimited("protocol %04x is buggy, dev %s\n", net_crit_ratelimited("protocol %04x is buggy, dev %s\n",
ntohs(skb2->protocol), ntohs(skb2->protocol),
dev->name); dev->name);
...@@ -3892,7 +3892,7 @@ static void skb_gro_reset_offset(struct sk_buff *skb) ...@@ -3892,7 +3892,7 @@ static void skb_gro_reset_offset(struct sk_buff *skb)
NAPI_GRO_CB(skb)->frag0 = NULL; NAPI_GRO_CB(skb)->frag0 = NULL;
NAPI_GRO_CB(skb)->frag0_len = 0; NAPI_GRO_CB(skb)->frag0_len = 0;
if (skb->mac_header == skb->tail && if (skb_mac_header(skb) == skb_tail_pointer(skb) &&
pinfo->nr_frags && pinfo->nr_frags &&
!PageHighMem(skb_frag_page(frag0))) { !PageHighMem(skb_frag_page(frag0))) {
NAPI_GRO_CB(skb)->frag0 = skb_frag_address(frag0); NAPI_GRO_CB(skb)->frag0 = skb_frag_address(frag0);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment