core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors

skb_zerocopy can copy elements of the frags array between skbs, but it doesn't
orphan them. Also, it doesn't handle errors, so this patch takes care of that
as well, and modify the callers accordingly. skb_tx_error() is also added to
the callers so they will signal the failed delivery towards the creator of the
skb.

Signed-off-by: Zoltan Kiss <zoltan.kiss@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 7 insertions, 2 deletions

diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index f072fe803510..108120f216b1 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -354,13 +354,16 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
 
         skb = nfnetlink_alloc_skb(net, size, queue->peer_portid,
                                   GFP_ATOMIC);
-        if (!skb)
+        if (!skb) {
+                skb_tx_error(entskb);
                 return NULL;
+        }
 
         nlh = nlmsg_put(skb, 0, 0,
                         NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET,
                         sizeof(struct nfgenmsg), 0);
         if (!nlh) {
+                skb_tx_error(entskb);
                 kfree_skb(skb);
                 return NULL;
         }
@@ -488,13 +491,15 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
                 nla->nla_type = NFQA_PAYLOAD;
                 nla->nla_len = nla_attr_size(data_len);
 
-                skb_zerocopy(skb, entskb, data_len, hlen);
+                if (skb_zerocopy(skb, entskb, data_len, hlen))
+                        goto nla_put_failure;
         }
 
         nlh->nlmsg_len = skb->len;
         return skb;
 
 nla_put_failure:
+        skb_tx_error(entskb);
         kfree_skb(skb);
         net_err_ratelimited("nf_queue: error creating packet message\n");
         return NULL;