Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 75faeb69 authored by Willem de Bruijn's avatar Willem de Bruijn Committed by PavanKumar S.R
Browse files

UPSTREAM: net/packet: rx_owner_map depends on pg_vec 



[ Upstream commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ]

Packet sockets may switch ring versions. Avoid misinterpreting state
between versions, whose fields share a union. rx_owner_map is only
allocated with a packet ring (pg_vec) and both are swapped together.
If pg_vec is NULL, meaning no packet ring was allocated, then neither
was rx_owner_map. And the field may be old state from a tpacket_v3.

Bug: 213464034
Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition")
Reported-by: default avatarSyzbot <syzbot+1ac0994a0a0c55151121@syzkaller.appspotmail.com>
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarAaron Ding <aaronding@google.com>
Change-Id: Ifd09717336bafe2a3e20389f7f7eb7b95d19e8cd
Git-commit: 27fc5a7c6972bd73ac0cc0cf811ec2ecb989014f
Git-repo: https://android.googlesource.com/kernel/common


Signed-off-by: default avatarPavanKumar S.R <quic_pavasr@quicinc.com>
parent 447fa26c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment