aboutsummaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2011-05-18 02:21:31 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2011-06-03 09:31:54 +0900
commit3a029a52f334fcdf19da9496f3ec122fafe4cad5 (patch)
tree70d57ebe5d643973aa2ab12617ba7a6a54d79bd1 /net
parentb71dedf430e6a345b4ba47212ba1b433eef999dc (diff)
net: add skb_dst_force() in sock_queue_err_skb()
[ Upstream commit abb57ea48fd9431fa320a5c55f73e6b5a44c2efb ] Commit 7fee226ad239 (add a noref bit on skb dst) forgot to use skb_dst_force() on packets queued in sk_error_queue This triggers following warning, for applications using IP_CMSG_PKTINFO receiving one error status ------------[ cut here ]------------ WARNING: at include/linux/skbuff.h:457 ip_cmsg_recv_pktinfo+0xa6/0xb0() Hardware name: 2669UYD Modules linked in: isofs vboxnetadp vboxnetflt nfsd ebtable_nat ebtables lib80211_crypt_ccmp uinput xcbc hdaps tp_smapi thinkpad_ec radeonfb fb_ddc radeon ttm drm_kms_helper drm ipw2200 intel_agp intel_gtt libipw i2c_algo_bit i2c_i801 agpgart rng_core cfbfillrect cfbcopyarea cfbimgblt video raid10 raid1 raid0 linear md_mod vboxdrv Pid: 4697, comm: miredo Not tainted 2.6.39-rc6-00569-g5895198-dirty #22 Call Trace: [<c17746b6>] ? printk+0x1d/0x1f [<c1058302>] warn_slowpath_common+0x72/0xa0 [<c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0 [<c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0 [<c1058350>] warn_slowpath_null+0x20/0x30 [<c15bbca6>] ip_cmsg_recv_pktinfo+0xa6/0xb0 [<c15bbdd7>] ip_cmsg_recv+0x127/0x260 [<c154f82d>] ? skb_dequeue+0x4d/0x70 [<c1555523>] ? skb_copy_datagram_iovec+0x53/0x300 [<c178e834>] ? sub_preempt_count+0x24/0x50 [<c15bdd2d>] ip_recv_error+0x23d/0x270 [<c15de554>] udp_recvmsg+0x264/0x2b0 [<c15ea659>] inet_recvmsg+0xd9/0x130 [<c1547752>] sock_recvmsg+0xf2/0x120 [<c11179cb>] ? might_fault+0x4b/0xa0 [<c15546bc>] ? verify_iovec+0x4c/0xc0 [<c1547660>] ? sock_recvmsg_nosec+0x100/0x100 [<c1548294>] __sys_recvmsg+0x114/0x1e0 [<c1093895>] ? __lock_acquire+0x365/0x780 [<c1148b66>] ? fget_light+0xa6/0x3e0 [<c1148b7f>] ? fget_light+0xbf/0x3e0 [<c1148aee>] ? fget_light+0x2e/0x3e0 [<c1549f29>] sys_recvmsg+0x39/0x60 Close bug https://bugzilla.kernel.org/show_bug.cgi?id=34622 Reported-by: Witold Baryluk <baryluk@smp.if.uj.edu.pl> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net')
-rw-r--r--net/core/skbuff.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 7ebeed0a877..3e934fe96f2 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2993,6 +2993,9 @@ int sock_queue_err_skb(struct sock *sk, struct sk_buff *skb)
skb->destructor = sock_rmem_free;
atomic_add(skb->truesize, &sk->sk_rmem_alloc);
+ /* before exiting rcu section, make sure dst is refcounted */
+ skb_dst_force(skb);
+
skb_queue_tail(&sk->sk_error_queue, skb);
if (!sock_flag(sk, SOCK_DEAD))
sk->sk_data_ready(sk, skb->len);