[NET]: Make skb_seq_read unmap the last fragment
authorOlaf Kirch <olaf.kirch@oracle.com>
Sun, 24 Jun 2007 06:11:52 +0000 (23:11 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sun, 24 Jun 2007 06:11:52 +0000 (23:11 -0700)
Having walked through the entire skbuff, skb_seq_read would leave the
last fragment mapped.  As a consequence, the unwary caller would leak
kmaps, and proceed with preempt_count off by one. The only (kind of
non-intuitive) workaround is to use skb_seq_read_abort.

This patch makes sure skb_seq_read always unmaps frag_data after
having cycled through the skb's paged part.

Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/core/skbuff.c

index 8d43ae6979e53e8495c3ab09bc4d2cbf361a49d1..27cfe5fe4bb9f2bf274f3eb0d67dec0616995eff 100644 (file)
@@ -1706,6 +1706,11 @@ next_skb:
                st->stepped_offset += frag->size;
        }
 
                st->stepped_offset += frag->size;
        }
 
+       if (st->frag_data) {
+               kunmap_skb_frag(st->frag_data);
+               st->frag_data = NULL;
+       }
+
        if (st->cur_skb->next) {
                st->cur_skb = st->cur_skb->next;
                st->frag_idx = 0;
        if (st->cur_skb->next) {
                st->cur_skb = st->cur_skb->next;
                st->frag_idx = 0;