bugzilla-daemon@bugzilla.netfilter.org
2007-Mar-26 21:17 UTC
[Bug 555] New: skb_trim() Called on Paged skb in ip_queue
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=555 Summary: skb_trim() Called on Paged skb in ip_queue Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo: laforge@netfilter.org ReportedBy: smilerliu@gmail.com In ip_queue.c: *** static int ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) { int diff; struct iphdr *user_iph = (struct iphdr *)v->payload; if (v->data_len < sizeof(*user_iph)) return 0; diff = v->data_len - e->skb->len; if (diff < 0) skb_trim(e->skb, v->data_len); *** Here skb_trim is called on a potentially paged skb. In older kernels (such as 2.6.16.13) there is no problem because its __skb_trim() automatically calls ___pskb_trim() when the skb is paged, but in newer kernels (such as 2.6.18) WARN_ON(1) is called and the trim is not really done. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.