We leak an skb when there are too many frags, we also stop processing the packet in the middle, the result is almost sure to be loss of networking.
Reported-by: Michael Dalton <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> --- Note: this path is gone upstream, so this patch is for stable kernel only. This is on top of series: virtio-net: backport error handling bugfix that I sent previously (and that this is in reply to). drivers/net/virtio_net.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index c0ed6d5..86fe1e7 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -344,7 +344,7 @@ static struct sk_buff *receive_mergeable(struct net_device *dev, if (i >= MAX_SKB_FRAGS) { pr_debug("%s: packet too long\n", skb->dev->name); skb->dev->stats.rx_length_errors++; - return NULL; + goto err_frags; } page = virtqueue_get_buf(rq->vq, &len); if (!page) { @@ -364,6 +364,7 @@ static struct sk_buff *receive_mergeable(struct net_device *dev, return skb; err_skb: give_pages(rq, page); while (--num_buf) { +err_frags: buf = virtqueue_get_buf(rq->vq, &len); if (unlikely(!buf)) { -- MST _______________________________________________ Virtualization mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/virtualization
