On Sun, 15 May 2005 22:22:56 +1000
Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
> On Sun, May 15, 2005 at 09:41:21PM +1000, herbert wrote:
> >
> > I'll post a new patch soon. However, since this is a pretty major change
> > and the bugs it fixes aren't that important it should probably be delayed
> > until 2.6.13.
>
> Here it is:
>
>
> Having frag_list members which hold wmem of an sk leads to nightmares
> with partially cloned frag skb's. The reason is that once you unleash
> a skb with a frag_list that has individual sk ownerships into the stack
> you can never undo those ownerships safely as they may have been cloned
> by things like netfilter. Since we have to undo them in order to make
> skb_linearize happy this approach leads to a dead-end.
>
> So let's go the other way and make this an invariant:
>
> For any skb on a frag_list, skb->sk must be NULL.

This requires skb_set_owner_* to check whether it is called
for the head skb or for one from a fragment, and to do nothing if
it is from frag_list.
Or to check the whole tree for owner-setting calls...

> That is, the socket ownership always belongs to the head skb.
> It turns out that the implementation is actually pretty simple.
>
> The above invariant is actually violated in the following patch
> for a short duration inside ip_fragment. This is OK because the
> offending frag_list member is either destroyed at the end of the
> slow path without being sent anywhere, or it is detached from
> the frag_list before being sent.
>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>
> Cheers,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Evgeniy Polyakov
Only failure makes us experts. -- Theo de Raadt
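
The invariant discussed in this thread ("for any skb on a frag_list, skb->sk must be NULL") can be illustrated with a small user-space model. This is an added example, not code from the patch or from either participant; the structs are simplified stand-ins for the kernel types, and `frag_list_violations`, `frag_list_attach` and `skb_release_owner` are hypothetical names. It assumes a fragment's charge is folded into the head's truesize when ownership is dropped, so the socket's accounting stays balanced.

```c
#include <stddef.h>

/* Simplified user-space model (assumption): only the fields the invariant
 * touches. This is not the kernel's struct sock or struct sk_buff. */
struct sock { int wmem_alloc; };          /* bytes charged to the socket */
struct sk_buff {
    struct sk_buff *next;                 /* next member on a frag_list */
    struct sk_buff *frag_list;            /* fragments hanging off a head skb */
    struct sock *sk;                      /* owning socket, NULL if unowned */
    unsigned int truesize;                /* bytes this skb accounts for */
};

/* Count frag_list members that break "skb->sk must be NULL". */
int frag_list_violations(const struct sk_buff *head)
{
    int bad = 0;
    for (const struct sk_buff *f = head->frag_list; f; f = f->next)
        if (f->sk)
            bad++;
    return bad;
}

/* Append frag to head's frag_list while keeping the invariant: ownership
 * moves to the head, which absorbs the fragment's truesize (model assumption). */
int frag_list_attach(struct sk_buff *head, struct sk_buff *frag)
{
    struct sk_buff **pp = &head->frag_list;
    if (frag->sk && frag->sk != head->sk)
        return -1;                        /* the model refuses a foreign owner */
    if (frag->sk) {
        head->truesize += frag->truesize; /* charge stays on the same socket */
        frag->sk = NULL;
    }
    while (*pp)
        pp = &(*pp)->next;
    frag->next = NULL;
    *pp = frag;
    return 0;
}

/* Model of releasing the head: uncharge everything it accounts for. */
void skb_release_owner(struct sk_buff *skb)
{
    if (skb->sk) {
        skb->sk->wmem_alloc -= (int)skb->truesize;
        skb->sk = NULL;
    }
}

int main(void) { return 0; }
```

Because only the head carries `sk`, a cloned fragment in this model never holds a charge that would have to be undone later.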