diff options
| author | Jingguo Tan <tanjingguo@huawei.com> | 2026-05-27 10:33:01 +0800 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2026-05-29 12:38:00 -0700 |
| commit | 1e584c304cfb94a759417130b1fc6d30b30c4cce (patch) | |
| tree | c84d7da6bbb99fc4e97994cbb68b7efea2c5d6f2 /tools/testing/selftests/exec/binfmt_script.py | |
| parent | 422b5233b607476ac7176bfa2a101b9a103d7653 (diff) | |
vsock/virtio: bind uarg before filling zerocopy skb
virtio_transport_send_pkt_info() allocates or reuses the zerocopy uarg
before entering the send loop, but virtio_transport_alloc_skb() still
fills the skb before it inherits that uarg. When fixed-buffer vectored
zerocopy hits MAX_SKB_FRAGS, io_sg_from_iter() may partially attach
managed frags and return -EMSGSIZE. The rollback path call kfree_skb()
to free an skb that carries SKBFL_MANAGED_FRAG_REFS but no uarg, so
skb_release_data() falls through to ordinary frag unref.
Pass the uarg into virtio_transport_alloc_skb() and bind it immediately
before virtio_transport_fill_skb(). This keeps control or no-payload skbs
untouched while ensuring success and rollback share one lifetime rule.
Fixes: 581512a6dc93 ("vsock/virtio: MSG_ZEROCOPY flag support")
Signed-off-by: Lin Ma <malin89@huawei.com>
Signed-off-by: Rongzhen Cui <cuirongzhen@huawei.com>
Signed-off-by: Jingguo Tan <tanjingguo@huawei.com>
Acked-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://patch.msgid.link/20260527023301.1075581-1-malin89@huawei.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'tools/testing/selftests/exec/binfmt_script.py')
0 files changed, 0 insertions, 0 deletions