On Monday 26 April 2010 07:24:13 Sven Eckelmann wrote:
We must ensure that all pointer to a socket buffer are updated when we copy a socket buffer and free our reference to the old one. Another part of the kernel could also free its reference which maybe removes the buffer completely. In that situation we would would feed wrong information to the routing algorithm after the memory area is written again by someone else.
Good catch !
@@ -960,6 +963,7 @@ int recv_icmp_packet(struct sk_buff *skb) if (!skb) return NET_RX_DROP; icmp_packet = (struct icmp_packet_rr *)skb->data;
ethhdr = (struct ethhdr *)skb_mac_header(skb); kfree_skb(skb_old);@@ -1106,6 +1110,7 @@ int recv_unicast_packet(struct sk_buff *skb) if (!skb) return NET_RX_DROP; unicast_packet = (struct unicast_packet *) skb->data;
ethhdr = (struct ethhdr *)skb_mac_header(skb);
I was about to commit your patch when I fell over these last 2 changes. I can't see why we need them. What did I miss ?
Regards, Marek