[3.16.y-ckt stable] Patch "ipv4: ip_check_defrag should correctly check return value of skb_copy_bits" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Thu Mar 19 10:11:21 UTC 2015

This is a note to let you know that I have just added a patch titled

    ipv4: ip_check_defrag should correctly check return value of skb_copy_bits

to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree 
which can be found at:


This patch is scheduled to be released in version 3.16.7-ckt9.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.16.y-ckt tree, see



>From 03734c78e20915a79731c87b0ad913e1af019d5c Mon Sep 17 00:00:00 2001
From: Alexander Drozdov <al.drozdov at gmail.com>
Date: Tue, 17 Feb 2015 13:33:46 +0300
Subject: ipv4: ip_check_defrag should correctly check return value of

commit fba04a9e0c869498889b6445fd06cbe7da9bb834 upstream.

skb_copy_bits() returns zero on success and negative value on error,
so it is needed to invert the condition in ip_check_defrag().

Fixes: 1bf3751ec90c ("ipv4: ip_check_defrag must not modify skb before unsharing")
Signed-off-by: Alexander Drozdov <al.drozdov at gmail.com>
Acked-by: Eric Dumazet <edumazet at google.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
 net/ipv4/ip_fragment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index ed32313e307c..022b5f49aab7 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -685,7 +685,7 @@ struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user)
 	if (skb->protocol != htons(ETH_P_IP))
 		return skb;

-	if (!skb_copy_bits(skb, 0, &iph, sizeof(iph)))
+	if (skb_copy_bits(skb, 0, &iph, sizeof(iph)) < 0)
 		return skb;

 	if (iph.ihl < 5 || iph.version != 4)

More information about the kernel-team mailing list