From: Sven Eckelmann <sven@xxxxxxxxxxxxx> commit 992b03b88e36254e26e9a4977ab948683e21bd9f upstream. When a packet is fragmented by batman-adv, the original batman-adv header is not modified. Only a new fragmentation is inserted between the original one and the ethernet header. The code must therefore make sure that it has a writable region of this size in the skbuff head. But it is not useful to always reallocate the skbuff by this size even when there would be more than enough headroom still in the skb. The reallocation is just to costly during in this codepath. Fixes: ee75ed88879a ("batman-adv: Fragment and send skbs larger than mtu") Signed-off-by: Sven Eckelmann <sven@xxxxxxxxxxxxx> Signed-off-by: Simon Wunderlich <sw@xxxxxxxxxxxxxxxxxx> [ bp: 4.9 backported: adjust context. ] Signed-off-by: Sven Eckelmann <sven@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/batman-adv/fragmentation.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/net/batman-adv/fragmentation.c +++ b/net/batman-adv/fragmentation.c @@ -528,11 +528,14 @@ int batadv_frag_send_packet(struct sk_bu frag_header.no++; } - /* Make room for the fragment header. */ - if (batadv_skb_head_push(skb, header_size) < 0 || - pskb_expand_head(skb, header_size + ETH_HLEN, 0, GFP_ATOMIC) < 0) + /* make sure that there is at least enough head for the fragmentation + * and ethernet headers + */ + ret = skb_cow_head(skb, ETH_HLEN + header_size); + if (ret < 0) goto out; + skb_push(skb, header_size); memcpy(skb->data, &frag_header, header_size); /* Send the last fragment */