Message ID | 20111009171919.10922hrx8qjm2f7b@webmail.your-server.de |
---|---|
State | Superseded, archived |
Delegated to: | David Miller |
Headers | show |
Le dimanche 09 octobre 2011 à 17:19 +0200, danborkmann@iogearbox.net a écrit : > This tiny patch derefs the skb only after BUG_ON(skb==NULL) was evaluated > and not before. Patched against latest Linus tree. > > Thanks, > Daniel > > Signed-off-by: Daniel Borkmann <danborkmann@iogearbox.net> > > diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c > index fabb4fa..d9d833b 100644 > --- a/net/packet/af_packet.c > +++ b/net/packet/af_packet.c > @@ -1167,11 +1167,12 @@ ring_is_full: > > static void tpacket_destruct_skb(struct sk_buff *skb) > { > - struct packet_sock *po = pkt_sk(skb->sk); > + struct packet_sock *po; > void *ph; > > BUG_ON(skb == NULL); > > + po = pkt_sk(skb->sk); > if (likely(po->tx_ring.pg_vec)) { > ph = skb_shinfo(skb)->destructor_arg; > BUG_ON(__packet_get_status(po, ph) != TP_STATUS_SENDING); > > Well, to be honest, this BUG_ON(!skb) is absolutely useless for two reasons. 1) If skb happens to be NULL, the NULL dereference is trapped and stack trace dumped as well. 2) Of course, tpacket_destruct_skb() being an skb destructor, skb cannot be NULL at this point by design. Please remove the BUG_ON() instead of trying to move it ;) Thanks -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index fabb4fa..d9d833b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1167,11 +1167,12 @@ ring_is_full: static void tpacket_destruct_skb(struct sk_buff *skb) { - struct packet_sock *po = pkt_sk(skb->sk); + struct packet_sock *po; void *ph; BUG_ON(skb == NULL); + po = pkt_sk(skb->sk); if (likely(po->tx_ring.pg_vec)) { ph = skb_shinfo(skb)->destructor_arg; BUG_ON(__packet_get_status(po, ph) != TP_STATUS_SENDING);
This tiny patch derefs the skb only after BUG_ON(skb==NULL) was evaluated and not before. Patched against latest Linus tree. Thanks, Daniel Signed-off-by: Daniel Borkmann <danborkmann@iogearbox.net> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html