Patch "skbuff: Fix nfct leak on napi stolen" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    skbuff: Fix nfct leak on napi stolen

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     skbuff-fix-nfct-leak-on-napi-stolen.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From taoliu828@xxxxxxx  Wed Mar 15 08:41:51 2023
From: Tao Liu <taoliu828@xxxxxxx>
Date: Tue, 14 Mar 2023 20:10:17 +0800
Subject: skbuff: Fix nfct leak on napi stolen
To: paulb@xxxxxxxxxx, roid@xxxxxxxxxx, davem@xxxxxxxxxxxxx, kuba@xxxxxxxxxx, gregkh@xxxxxxxxxxxxxxxxxxx
Cc: netdev@xxxxxxxxxxxxxxx, taoliu828@xxxxxxx
Message-ID: <20230314121017.1929515-1-taoliu828@xxxxxxx>

From: Tao Liu <taoliu828@xxxxxxx>

Upstream commit [0] had fixed this issue, and backported to kernel 5.10.54.
However, nf_reset_ct() added in skb_release_head_state() instead of
napi_skb_free_stolen_head(), which lead to leakage still exist in 5.10.

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8550ff8d8c75416e984d9c4b082845e57e560984

Fixes: 570341f10ecc ("skbuff: Release nfct refcount on napi stolen or re-used skbs"))
Signed-off-by: Tao Liu <taoliu828@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/core/dev.c    |    1 +
 net/core/skbuff.c |    1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -6111,6 +6111,7 @@ EXPORT_SYMBOL(gro_find_complete_by_type)
 
 static void napi_skb_free_stolen_head(struct sk_buff *skb)
 {
+	nf_reset_ct(skb);
 	skb_dst_drop(skb);
 	skb_ext_put(skb);
 	kmem_cache_free(skbuff_head_cache, skb);
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -659,7 +659,6 @@ fastpath:
 
 void skb_release_head_state(struct sk_buff *skb)
 {
-	nf_reset_ct(skb);
 	skb_dst_drop(skb);
 	if (skb->destructor) {
 		WARN_ON(in_irq());


Patches currently in stable-queue which might be from taoliu828@xxxxxxx are

queue-5.10/skbuff-fix-nfct-leak-on-napi-stolen.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux