[PATCH lucid/fsl-imx51] core: Fix memory leak/corruption on VLAN GRO_DROP
Stefan Bader
stefan.bader at canonical.com
Mon Sep 19 14:00:06 UTC 2011
From: Herbert Xu <herbert.xu at redhat.com>
The function napi_reuse_skb is only meant to be used for packets
merged by GRO. Using it on the VLAN path will lead to memory
leaks/corruption. This patch is based on Jay Vosburgh's patch,
and it fixes the problem by calling kfree_skb on the VLAN GRO_DROP
path instead of napi_reuse_skb.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: Jarod Wilson <jarod at redhat.com>
CVE-2011-1576
BugLink: http://bugs.launchpad.net/bugs/844361
(cherry-picked from kernel-2.6.18-238.19.1.el5.src.rpm)
Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
---
net/core/dev.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/core/dev.c b/net/core/dev.c
index 8b1847c..4b8752c 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2601,7 +2601,8 @@ int napi_frags_finish(struct napi_struct *napi, struct sk_buff *skb, int ret)
case GRO_DROP:
err = NET_RX_DROP;
- /* fall through */
+ kfree_skb(skb);
+ break;
case GRO_MERGED_FREE:
napi_reuse_skb(napi, skb);
--
1.7.4.1
More information about the kernel-team
mailing list