diff options
| author | Linus Lüssing <[email protected]> | 2015-08-13 05:54:07 +0200 |
|---|---|---|
| committer | David S. Miller <[email protected]> | 2015-08-13 17:08:39 -0700 |
| commit | a516993f0ac1694673412eb2d16a091eafa77d2a (patch) | |
| tree | 43e65ff360cc79cff96dc8c44f161fb0ad41b9c9 /tools/perf/scripts/python/bin | |
| parent | 5b3e2e14eaa2a98232a4f292341fb88438685734 (diff) | |
net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code
The recent refactoring of the IGMP and MLD parsing code into
ipv6_mc_check_mld() / ip_mc_check_igmp() introduced a potential crash /
BUG() invocation for bridges:
I wrongly assumed that skb_get() could be used as a simple reference
counter for an skb which is not the case. skb_get() bears additional
semantics, a user count. This leads to a BUG() invocation in
pskb_expand_head() / kernel panic if pskb_may_pull() is called on an skb
with a user count greater than one - unfortunately the refactoring did
just that.
Fixing this by removing the skb_get() call and changing the API: The
caller of ipv6_mc_check_mld() / ip_mc_check_igmp() now needs to
additionally check whether the returned skb_trimmed is a clone.
Fixes: 9afd85c9e455 ("net: Export IGMP/MLD message validation code")
Reported-by: Brenden Blanco <[email protected]>
Signed-off-by: Linus Lüssing <[email protected]>
Acked-by: Alexei Starovoitov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/bin')
0 files changed, 0 insertions, 0 deletions