| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200813121310.23016-1-linmiaohe@huawei.com>
Date: Thu, 13 Aug 2020 08:13:10 -0400
From: Miaohe Lin <linmiaohe@...wei.com>
To: <davem@...emloft.net>, <kuba@...nel.org>, <fw@...len.de>,
<martin.varghese@...ia.com>, <pshelar@....org>,
<dcaratti@...hat.com>, <edumazet@...gle.com>,
<steffen.klassert@...unet.com>, <pabeni@...hat.com>,
<shmulik@...anetworks.com>, <kyk.segfault@...il.com>,
<sowmini.varadhan@...cle.com>
CC: <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linmiaohe@...wei.com>
Subject: [PATCH] net: add missing skb_uarg refcount increment in pskb_carve_inside_header()
If the skb is zcopied, we should increase the skb_uarg refcount before we
involve skb_release_data(). See pskb_expand_head() as a reference.
Fixes: 6fa01ccd8830 ("skbuff: Add pskb_extract() helper function")
Signed-off-by: Miaohe Lin <linmiaohe@...wei.com>
---
net/core/skbuff.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 475f9aa51b57..975600558e8b 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -5842,6 +5842,8 @@ static int pskb_carve_inside_header(struct sk_buff *skb, const u32 off,
kfree(data);
return -ENOMEM;
}
+ if (skb_zcopy(skb))
+ refcount_inc(&skb_uarg(skb)->refcnt);
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++)
skb_frag_ref(skb, i);
if (skb_has_frag_list(skb))
--
2.19.1
Powered by blists - more mailing lists