[VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt"
authorEvgeniy Polyakov <johnpol@2ka.mipt.ru>
Sat, 25 Aug 2007 06:36:29 +0000 (23:36 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Mon, 27 Aug 2007 01:35:47 +0000 (18:35 -0700)
commite7c243c925f6d9dcb898504ff24d6650b5cbb3b1
treef06ae59e206e4876b0326c65811f496a8b1f4bdc
parent7c8347a91dbbb723d8ed106ec817dabac97f2bbc
[VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt"

I tried to preserve bridging code as it was before, but logic is quite
strange - I think we should free skb on error, since it is already
unshared and thus will just leak.

Herbert Xu states:

> + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
> + goto out;

If this happens it'll be a double-free on skb since we'll
return NF_DROP which makes the caller free it too.

We could return NF_STOLEN to prevent that but I'm not sure
whether that's correct netfilter semantics.  Patrick, could
you please make a call on this?

Patrick McHardy states:

NF_STOLEN should work fine here.

Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/8021q/vlan_dev.c
net/bridge/br_netfilter.c