mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-01 14:44:12 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Jesper Dangaard Brouer f72ff8b81e net: fix kfree_skb_list use of skb_mark_not_on_list 
A bug was introduced by commit eedade12f4 ("net: kfree_skb_list use
kmem_cache_free_bulk"). It unconditionally unlinked the SKB list via
invoking skb_mark_not_on_list().

In this patch we choose to remove the skb_mark_not_on_list() call as it
isn't necessary. It would be possible and correct to call
skb_mark_not_on_list() only when __kfree_skb_reason() returns true,
meaning the SKB is ready to be free'ed, as it calls/check skb_unref().

This fix is needed as kfree_skb_list() is also invoked on skb_shared_info
frag_list (skb_drop_fraglist() calling kfree_skb_list()). A frag_list can
have SKBs with elevated refcnt due to cloning via skb_clone_fraglist(),
which takes a reference on all SKBs in the list. This implies the
invariant that all SKBs in the list must have the same refcnt, when using
kfree_skb_list().

Reported-by: syzbot+c8a2e66e37eee553c4fd@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+c8a2e66e37eee553c4fd@syzkaller.appspotmail.com
Fixes: eedade12f4 ("net: kfree_skb_list use kmem_cache_free_bulk")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/167421088417.1125894.9761158218878962159.stgit@firesoul
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-01-23 21:39:04 -08:00
..
6lowpan
9p xen: branch for v6.2-rc4 2023-01-12 17:02:20 -06:00
802 treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
8021q net: Remove the obsolte u64_stats_fetch_*_irq() users (net). 2022-10-28 20:13:54 -07:00
appletalk
atm driver core: make struct class.dev_uevent() take a const * 2022-11-24 17:12:15 +01:00
ax25 ax25: af_ax25: Remove unnecessary (void*) conversions 2022-11-16 13:31:03 +00:00
batman-adv Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
bluetooth net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
bpf New Feature: 2022-12-17 14:06:53 -06:00
bpfilter
bridge treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
caif caif: don't assume iov_iter type 2023-01-13 20:44:20 -08:00
can Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
ceph net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
core net: fix kfree_skb_list use of skb_mark_not_on_list 2023-01-23 21:39:04 -08:00
dcb net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps 2023-01-20 09:33:22 +00:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
devlink devlink: add instance lock assertion in devl_is_registered() 2023-01-19 19:08:38 -08:00
dns_resolver cred: Do not default to init_cred in prepare_kernel_cred() 2022-11-01 10:04:52 -07:00
dsa net: dsa: add plumbing for changing and getting MAC merge layer state 2023-01-23 12:44:18 +00:00
ethernet net: ethernet: use sysfs_emit() to instead of scnprintf() 2022-12-07 20:02:44 -08:00
ethtool ethtool: Add and use ethnl_update_bool. 2023-01-23 13:57:39 +00:00
hsr hsr: Use a single struct for self_node. 2022-12-01 20:26:22 -08:00
ieee802154 Merge tag 'ieee802154-for-net-next-2022-12-05' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan-next 2022-12-07 17:33:26 -08:00
ife
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-01-20 12:28:23 -08:00
ipv6 ipv6: Remove extra counter pull before gc 2023-01-18 13:00:16 +00:00
iucv
kcm net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2022-11-29 20:50:51 -08:00
l2tp l2tp: prevent lockdep issue in l2tp_tunnel_register() 2023-01-18 14:44:54 +00:00
l3mdev
lapb
llc
mac80211 wifi: mac80211: drop extra 'e' from ieeee80211... name 2023-01-19 14:57:51 +01:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-12-08 18:19:59 -08:00
mctp mctp: Remove device type check at unregister 2022-12-19 17:20:22 -08:00
mpls net: Remove the obsolte u64_stats_fetch_*_irq() users (net). 2022-10-28 20:13:54 -07:00
mptcp net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
ncsi net/ncsi: Silence runtime memcpy() false positive warning 2022-12-06 17:29:14 -08:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-01-20 12:28:23 -08:00
netlabel
netlink Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
netrom
nfc net: nfc: Fix use-after-free in local_cleanup() 2023-01-13 20:53:44 -08:00
nsh
openvswitch net: openvswitch: release vport resources on failure 2022-12-21 17:48:12 -08:00
packet Networking changes for 6.2. 2022-12-13 15:47:48 -08:00
phonet net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
psample
qrtr net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
rds net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
rfkill Merge wireless into wireless-next 2023-01-17 13:36:25 +02:00
rose rose: Fix NULL pointer dereference in rose_send_frame() 2022-11-02 11:57:30 +00:00
rxrpc rxrpc: Fix wrong error return in rxrpc_connect_call() 2023-01-12 21:51:55 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-01-20 12:28:23 -08:00
sctp net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
smc net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
strparser
sunrpc net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
switchdev
tipc net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
tls net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
unix unix: Improve locking scheme in unix_show_fdinfo() 2023-01-16 11:21:11 +00:00
vmw_vsock virtio/vsock: replace virtio_vsock_pkt with sk_buff 2023-01-16 13:26:33 +00:00
wireless wifi: wireless: deny wireless extensions on MLO-capable devices 2023-01-19 20:01:41 +02:00
x25 net/x25: Fix skb leak in x25_lapb_receive_frame() 2022-11-15 20:22:19 -08:00
xdp bpf: Expand map key argument of bpf_redirect_map to u64 2022-11-15 09:00:27 -08:00
xfrm net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
compat.c use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
devres.c
Kconfig
Kconfig.debug
Makefile devlink: move code to a dedicated directory 2023-01-05 22:12:00 -08:00
socket.c sock: add tracepoint for send recv length 2023-01-13 10:25:10 +00:00
sysctl_net.c