From: Eric Dumazet
Date: Wed, 29 May 2019 15:36:10 -0700
> If a network driver provides to napi_gro_frags() an
> skb with a page fragment of exactly 14 bytes, the call
> to gro_pull_from_frag0() will 'consume' the fragment
> by calling skb_frag_unref(skb, 0), and the page might
> be freed and reu
If a network driver provides to napi_gro_frags() an
skb with a page fragment of exactly 14 bytes, the call
to gro_pull_from_frag0() will 'consume' the fragment
by calling skb_frag_unref(skb, 0), and the page might
be freed and reused.
Reading eth->h_proto at the end of napi_frags_skb() might
read
