netem: fix skb_orphan_partial()
authorEric Dumazet <edumazet@google.com>
Thu, 11 May 2017 22:24:41 +0000 (15:24 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 7 Jun 2017 10:05:59 +0000 (12:05 +0200)
commit605b6b2b4d8a8abdafb675abda2e43c11d1b3921
tree57cb55fbbf7486c6526a81ea118f3d35812d584c
parent338f665acb4ba0b2c7656cc2487326497220168f
netem: fix skb_orphan_partial()

commit f6ba8d33cfbb46df569972e64dbb5bb7e929bfd9 upstream.

I should have known that lowering skb->truesize was dangerous :/

In case packets are not leaving the host via a standard Ethernet device,
but looped back to local sockets, bad things can happen, as reported
by Michael Madsen ( https://bugzilla.kernel.org/show_bug.cgi?id=195713 )

So instead of tweaking skb->truesize, lets change skb->destructor
and keep a reference on the owner socket via its sk_refcnt.

Fixes: f2f872f9272a ("netem: Introduce skb_orphan_partial() helper")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Michael Madsen <mkm@nabto.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/core/sock.c