Re: [RFC] [NET] [0/2] pskb_expand_head() bugfix
From: Hideo AOKI <hidden>
Date: 2008-03-29 01:02:46
Hello David,

David Miller wrote:
> From: Hideo AOKI <redacted>
> Date: Tue, 25 Mar 2008 14:39:04 -0400
>
>> Current pskb_expand_head() doesn't change truesize, while it
>> reallocates memory. Then, if argument nhead or ntail aren't 0,
>> caller must update truesize. We had this bug at audit_expand() in
>> January and fixed it as commit
>> 406a1d868001423c85a3165288e566e65f424fe6. However, some drivers
>> and subsystems still use pskb_expand_head() without updating
>> truesize.
>>
>> In addition, there is another problem to update truesize. Since
>> pskb_expand_head() aligns memory size before reallocation, caller
>> functions may not update truesize correctly if they just add nhead
>> and ntail to truesize.
>
> Drivers may not update truesize, because as I explained in Tokyo a
> fundamental issue is the case where SKB is charged already to a
> socket. In such a case, skb->truesize may not be modified without
> corrupting socket write queue allocation state. And at these very
> spots in drivers, the transmit path, the SKB is very likely to be
> owned by a socket.

Thank you for explaining. OK. I don't change driver code to avoid
double charge.

Best regards,
Hideo

-- 
Hitachi Computer Products (America) Inc.
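Added example, not part of the original thread and not kernel code: a userspace C model of the accounting issue discussed above, showing that editing truesize after the buffer has been charged to a socket leaves the socket's write-memory counter unbalanced on free, and that the real growth after alignment differs from nhead + ntail. All `model_*` names, the 64-byte alignment and the buffer sizes are assumptions made for the illustration.

```c
#include <stdio.h>
/* Assumed 64-byte alignment, standing in for the kernel's SKB_DATA_ALIGN(). */
#define MODEL_ALIGN 64
#define MODEL_DATA_ALIGN(x) (((x) + MODEL_ALIGN - 1) & ~(MODEL_ALIGN - 1))

struct model_sock { long wmem_alloc; };   /* bytes charged to the socket */
struct model_skb { struct model_sock *sk; int buf_size; int truesize; };

/* Charge the buffer to its socket, as when it is queued for transmit. */
static void model_set_owner(struct model_skb *skb, struct model_sock *sk)
{
    skb->sk = sk;
    sk->wmem_alloc += skb->truesize;
}

/* Uncharge on free: subtracts whatever truesize holds at that moment. */
static void model_free(struct model_skb *skb)
{
    if (skb->sk)
        skb->sk->wmem_alloc -= skb->truesize;
}

/* Grow the buffer, leave truesize alone, return the real (aligned) growth. */
static int model_expand(struct model_skb *skb, int nhead, int ntail)
{
    int new_size = MODEL_DATA_ALIGN(skb->buf_size + nhead + ntail);
    int delta = new_size - skb->buf_size;
    skb->buf_size = new_size;
    return delta;
}

/* Socket charge left after charge -> expand -> optional truesize edit -> free. */
static long model_residual(int edit_truesize, int nhead, int ntail)
{
    struct model_sock sk = { 0 };
    struct model_skb skb = { NULL, 256, 384 };   /* constructed sizes */
    model_set_owner(&skb, &sk);
    int delta = model_expand(&skb, nhead, ntail);
    if (edit_truesize)
        skb.truesize += delta;   /* the edit made while a socket owns the skb */
    model_free(&skb);
    return sk.wmem_alloc;        /* 0 means the accounting balanced */
}

int main(void)
{
    printf("%ld %ld\n", model_residual(0, 10, 0), model_residual(1, 10, 0));
    return 0;
}
```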