Merge branch 'tcp-take-care-of-another-syzbot-issue'

{

	return skb->end;

}

static inline void skb_set_end_offset(struct sk_buff *skb, unsigned int offset)

{

	skb->end = offset;

}

#else

static inline unsigned char *skb_end_pointer(const struct sk_buff *skb)

{

{

	return skb->end - skb->head;

}

static inline void skb_set_end_offset(struct sk_buff *skb, unsigned int offset)

{

	skb->end = skb->head + offset;

}

#endif

/* Internal */

	return 0;

}

/* This variant of skb_unclone() makes sure skb->truesize is not changed */

/* This variant of skb_unclone() makes sure skb->truesize

 * and skb_end_offset() are not changed, whenever a new skb->head is needed.

 *

 * Indeed there is no guarantee that ksize(kmalloc(X)) == ksize(kmalloc(X))

 * when various debugging features are in place.

 */

int __skb_unclone_keeptruesize(struct sk_buff *skb, gfp_t pri);

static inline int skb_unclone_keeptruesize(struct sk_buff *skb, gfp_t pri)

{

	might_sleep_if(gfpflags_allow_blocking(pri));

	if (skb_cloned(skb)) {

		unsigned int save = skb->truesize;

		int res;

		res = pskb_expand_head(skb, 0, 0, pri);

		skb->truesize = save;

		return res;

	}

	if (skb_cloned(skb))

		return __skb_unclone_keeptruesize(skb, pri);

	return 0;

}

	skb->head = data;

	skb->data = data;

	skb_reset_tail_pointer(skb);

	skb->end = skb->tail + size;

	skb_set_end_offset(skb, size);

	skb->mac_header = (typeof(skb->mac_header))~0U;

	skb->transport_header = (typeof(skb->transport_header))~0U;

	skb->head     = data;

	skb->head_frag = 0;

	skb->data    += off;

	skb_set_end_offset(skb, size);

#ifdef NET_SKBUFF_DATA_USES_OFFSET

	skb->end      = size;

	off           = nhead;

#else

	skb->end      = skb->head + size;

#endif

	skb->tail	      += off;

	skb_headers_offset_update(skb, nhead);

}

EXPORT_SYMBOL(skb_realloc_headroom);

int __skb_unclone_keeptruesize(struct sk_buff *skb, gfp_t pri)

{

	unsigned int saved_end_offset, saved_truesize;

	struct skb_shared_info *shinfo;

	int res;

	saved_end_offset = skb_end_offset(skb);

	saved_truesize = skb->truesize;

	res = pskb_expand_head(skb, 0, 0, pri);

	if (res)

		return res;

	skb->truesize = saved_truesize;

	if (likely(skb_end_offset(skb) == saved_end_offset))

		return 0;

	shinfo = skb_shinfo(skb);

	/* We are about to change back skb->end,

	 * we need to move skb_shinfo() to its new location.

	 */

	memmove(skb->head + saved_end_offset,

		shinfo,

		offsetof(struct skb_shared_info, frags[shinfo->nr_frags]));

	skb_set_end_offset(skb, saved_end_offset);

	return 0;

}

/**

 *	skb_expand_head - reallocate header of &sk_buff

 *	@skb: buffer to reallocate

	skb->head = data;

	skb->data = data;

	skb->head_frag = 0;

#ifdef NET_SKBUFF_DATA_USES_OFFSET

	skb->end = size;

#else

	skb->end = skb->head + size;

#endif

	skb_set_end_offset(skb, size);

	skb_set_tail_pointer(skb, skb_headlen(skb));

	skb_headers_offset_update(skb, 0);

	skb->cloned = 0;

	skb->head = data;

	skb->head_frag = 0;

	skb->data = data;

#ifdef NET_SKBUFF_DATA_USES_OFFSET

	skb->end = size;

#else

	skb->end = skb->head + size;

#endif

	skb_set_end_offset(skb, size);

	skb_reset_tail_pointer(skb);

	skb_headers_offset_update(skb, 0);

	skb->cloned   = 0;