net: Clone skb before setting peeked flag - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Herbert Xu <herbert@gondor.apana.org.au>	2015-07-13 16:04:13 +0800
committer	Moyster <oysterized@gmail.com>	2016-08-26 20:02:23 +0200
commit	74c9a3aed33072dc623bdcce68f0dd9503275bc4 (patch)
tree	4ca073f803a77ddb7c3d09ca0d7b148bf5c0da46 /include/linux/root_dev.h
parent	064af0c2f86309e73b98f7bc4dae2f8ea9706756 (diff)

net: Clone skb before setting peeked flag

[ Upstream commit 738ac1ebb96d02e0d23bc320302a6ea94c612dec ] Shared skbs must not be modified and this is crucial for broadcast and/or multicast paths where we use it as an optimisation to avoid unnecessary cloning. The function skb_recv_datagram breaks this rule by setting peeked without cloning the skb first. This causes funky races which leads to double-free. This patch fixes this by cloning the skb and replacing the skb in the list when setting skb->peeked. Fixes: a59322be07c9 ("[UDP]: Only increment counter on first peek/recv") Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Stefan Guendhoer <stefan@guendhoer.com>

Diffstat (limited to 'include/linux/root_dev.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: