From: Jason Wang
Date: Wed, 5 Aug 2015 10:34:04 +0800
> virtio declares support for NETIF_F_FRAGLIST, but assumes
> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
> always true with a fraglist.
>
> A longer fraglist in the skb will make the call to skb_to_sgvec overflow
> the sg
From: "Michael S. Tsirkin"
Date: Thu, 6 Aug 2015 16:13:11 +0300
> On Wed, Aug 05, 2015 at 10:34:04AM +0800, Jason Wang wrote:
>> virtio declares support for NETIF_F_FRAGLIST, but assumes
>> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
>> always true with a fraglist.
>>
>> A lon
On Wed, Aug 05, 2015 at 10:34:04AM +0800, Jason Wang wrote:
> virtio declares support for NETIF_F_FRAGLIST, but assumes
> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
> always true with a fraglist.
>
> A longer fraglist in the skb will make the call to skb_to_sgvec overflow
> the
On Wed, Aug 05, 2015 at 10:34:04AM +0800, Jason Wang wrote:
> virtio declares support for NETIF_F_FRAGLIST, but assumes
> that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
> always true with a fraglist.
>
> A longer fraglist in the skb will make the call to skb_to_sgvec overflow
> the
virtio declares support for NETIF_F_FRAGLIST, but assumes
that there are at most MAX_SKB_FRAGS + 2 fragments which isn't
always true with a fraglist.
A longer fraglist in the skb will make the call to skb_to_sgvec overflow
the sg array, leading to memory corruption.
Drop NETIF_F_FRAGLIST so we on
