From: Jason Wang <jasowang@redhat.com>
Date: Wed, 10 Jul 2013 05:43:28 +0000 (+0800)
Subject: macvtap: correctly linearize skb when zerocopy is used
X-Git-Tag: v3.11-rc1~5^2~29
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61d46bf979d5cd7c164709a80ad5676a35494aae;p=pandora-kernel.git

macvtap: correctly linearize skb when zerocopy is used

Userspace may produce vectors greater than MAX_SKB_FRAGS. When we try to
linearize parts of the skb to let the rest of iov to be fit in
the frags, we need count copylen into linear when calling macvtap_alloc_skb()
instead of partly counting it into data_len. Since this breaks
zerocopy_sg_from_iovec() since its inner counter assumes nr_frags should
be zero at beginning. This cause nr_frags to be increased wrongly without
setting the correct frags.

This bug were introduced from b92946e2919134ebe2a4083e4302236295ea2a73
(macvtap: zerocopy: validate vectors before building skb).

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed