Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9de04e6b authored by Herbert Xu's avatar Herbert Xu Committed by Ravinder Konka
Browse files

net: Clone skb before setting peeked flag 



[ Upstream commit 738ac1ebb96d02e0d23bc320302a6ea94c612dec ]

Shared skbs must not be modified and this is crucial for broadcast
and/or multicast paths where we use it as an optimisation to avoid
unnecessary cloning.

The function skb_recv_datagram breaks this rule by setting peeked
without cloning the skb first.  This causes funky races which leads
to double-free.

This patch fixes this by cloning the skb and replacing the skb
in the list when setting skb->peeked.

Change-Id: I038b4fae0e1e4a0f57e2ddc7e235838fae96b6f9
Fixes: a59322be ("[UDP]: Only increment counter on first peek/recv")
Reported-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-commit: 0ba48ae94c393dc4c43b257400046feeeb9c6fad
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Signed-off-by: default avatarRavinder Konka <rkonka@codeaurora.org>
parent 422bb915
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment