If sendmsg() with MSG_SPLICE_PAGES encounters a page that shouldn't be
spliced - a slab page, for instance, or one with a zero count - make
__ip_append_data() copy it.
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
cc: Eric Dumazet <edumazet@xxxxxxxxxx>
cc: Jakub Kicinski <kuba@xxxxxxxxxx>
cc: Paolo Abeni <pabeni@xxxxxxxxxx>
cc: Jens Axboe <axboe@xxxxxxxxx>
cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
cc: netdev@xxxxxxxxxxxxxxx
---
net/ipv4/ip_output.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 07736da70eab..e4aeaab704c8 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1263,6 +1263,7 @@ static int __ip_append_data(struct sock *sk,
struct msghdr *msg = from;
struct page *page = NULL, **pages = &page;
size_t off;
+ bool put = false;
copy = iov_iter_extract_pages(&msg->msg_iter, &pages,
copy, 1, 0, &off);
@@ -1271,7 +1272,25 @@ static int __ip_append_data(struct sock *sk,
goto error;
}
+ if (!sendpage_ok(page)) {
+ const void *p = kmap_local_page(page);
+ void *q;
+
+ q = page_frag_memdup(NULL, p + off, copy,
+ sk->sk_allocation, ULONG_MAX);
+ kunmap_local(p);
+ if (!q) {
+ err = copy ?: -ENOMEM;
+ goto error;
+ }
+ page = virt_to_page(q);
+ off = offset_in_page(q);
+ put = true;
+ }
+
err = skb_append_pagefrags(skb, page, off, copy);
+ if (put)
+ put_page(page);
if (err < 0)
goto error;
