Hi, haven't seen commit > From 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Mon Sep 17 00:00:00 2001 > From: Andrey Konovalov <andreyknvl@xxxxxxxxxx> > Date: Thu, 16 Feb 2017 17:22:46 +0100 > Subject: dccp: fix freeing skb too early for IPV6_RECVPKTINFO > > In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet > is forcibly freed via __kfree_skb in dccp_rcv_state_process if > dccp_v6_conn_request successfully returns. > > However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb > is saved to ireq->pktopts and the ref count for skb is incremented in > dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed > in dccp_rcv_state_process. > > Fix by calling consume_skb instead of doing goto discard and therefore > calling __kfree_skb. > > Similar fixes for TCP: > > fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed. > 0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now > simply consumed > > Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx> > Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> in recent LTS kernel releases (3.2.85, 3.16.40, 4.4.51, 4.9.12...) nor found any information that this patch is queued. Could you please cherry-pick? Thanks! -- Regards, Thomas
Attachment:
signature.asc
Description: OpenPGP digital signature