When we corking sub-datagrams, we do not clone skb->dst for sub-datagrams
other than the first one, so we get oops if we have multiple sub-datagrams
here.
One possible way to fix this is to clone skb->dst for all sub-datagrams,
but we do not take this approach because skb->dst is not used in other
places and it is more natural to increment statistics once per a datagram.
Also applicable for stable releases.
Signed-off-by: YOSHIFUJI Hideaki <[EMAIL PROTECTED]>
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 4704b5f..6530044 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1423,8 +1423,15 @@ void ip6_flush_pending_frames(struct sock *sk)
struct sk_buff *skb;
while ((skb = __skb_dequeue_tail(&sk->sk_write_queue)) != NULL) {
- IP6_INC_STATS(ip6_dst_idev(skb->dst),
- IPSTATS_MIB_OUTDISCARDS);
+ if (skb->dst) {
+ /*
+ * Note: we count standard stats once per "datagram"
+ * and skb->dst is set only for the first
+ * sub-datagram of the datagram.
+ */
+ IP6_INC_STATS(ip6_dst_idev(skb->dst),
+ IPSTATS_MIB_OUTDISCARDS);
+ }
kfree_skb(skb);
}
--
YOSHIFUJI Hideaki @ USAGI Project <[EMAIL PROTECTED]>
GPG-FP : 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
