diff options
| author | Herbert Xu <[email protected]> | 2015-07-13 16:04:13 +0800 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2015-07-15 15:59:58 -0700 |
| commit | 738ac1ebb96d02e0d23bc320302a6ea94c612dec (patch) | |
| tree | b2c9c3f8bdf874f4500c1419bfc0eba31b21efb8 /lib/memory-notifier-error-inject.c | |
| parent | 035d210f928ce083435b4fd351a26d126c02c927 (diff) | |
net: Clone skb before setting peeked flag
Shared skbs must not be modified and this is crucial for broadcast
and/or multicast paths where we use it as an optimisation to avoid
unnecessary cloning.
The function skb_recv_datagram breaks this rule by setting peeked
without cloning the skb first. This causes funky races which leads
to double-free.
This patch fixes this by cloning the skb and replacing the skb
in the list when setting skb->peeked.
Fixes: a59322be07c9 ("[UDP]: Only increment counter on first peek/recv")
Reported-by: Konstantin Khlebnikov <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'lib/memory-notifier-error-inject.c')
0 files changed, 0 insertions, 0 deletions