On 08/04/2015 07:11 PM, Sergei Shtylyov wrote:
> Hello.
>
> On 8/4/2015 12:55 PM, Jason Wang wrote:
>
>> virtio declares support for NETIF_F_FRAGLIST, but assumes
>> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
>> always true with a fraglist.
>
>> A longer fraglist in the skb wi
Hello.
On 8/4/2015 12:55 PM, Jason Wang wrote:
virtio declares support for NETIF_F_FRAGLIST, but assumes
that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
always true with a fraglist.
A longer fraglist in the skb will make the call to skb_to_sgvec overflow
the sg array, leading
On Tue, Aug 04, 2015 at 05:55:45PM +0800, Jason Wang wrote:
> virtio declares support for NETIF_F_FRAGLIST, but assumes
> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
> always true with a fraglist.
>
> A longer fraglist in the skb will make the call to skb_to_sgvec overflow
> the
virtio declares support for NETIF_F_FRAGLIST, but assumes
that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
always true with a fraglist.
A longer fraglist in the skb will make the call to skb_to_sgvec overflow
the sg array, leading to memory corruption.
Drop NETIF_F_FRAGLIST so we on
