This is a note to let you know that I've just added the patch titled vxlan: fix a use after free in vxlan_encap_bypass to the 3.17-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: vxlan-fix-a-use-after-free-in-vxlan_encap_bypass.patch and it can be found in the queue-3.17 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Fri Nov 7 11:36:50 PST 2014 From: Li RongQing <roy.qing.li@xxxxxxxxx> Date: Thu, 16 Oct 2014 08:49:41 +0800 Subject: vxlan: fix a use after free in vxlan_encap_bypass From: Li RongQing <roy.qing.li@xxxxxxxxx> [ Upstream commit ce6502a8f9572179f044a4d62667c4645256d6e4 ] when netif_rx() is done, the netif_rx handled skb maybe be freed, and should not be used. Signed-off-by: Li RongQing <roy.qing.li@xxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/vxlan.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1717,6 +1717,8 @@ static void vxlan_encap_bypass(struct sk struct pcpu_sw_netstats *tx_stats, *rx_stats; union vxlan_addr loopback; union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; + struct net_device *dev = skb->dev; + int len = skb->len; tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); @@ -1740,16 +1742,16 @@ static void vxlan_encap_bypass(struct sk u64_stats_update_begin(&tx_stats->syncp); tx_stats->tx_packets++; - tx_stats->tx_bytes += skb->len; + tx_stats->tx_bytes += len; u64_stats_update_end(&tx_stats->syncp); if (netif_rx(skb) == NET_RX_SUCCESS) { u64_stats_update_begin(&rx_stats->syncp); rx_stats->rx_packets++; - rx_stats->rx_bytes += skb->len; + rx_stats->rx_bytes += len; u64_stats_update_end(&rx_stats->syncp); } else { - skb->dev->stats.rx_dropped++; + dev->stats.rx_dropped++; } } Patches currently in stable-queue which might be from roy.qing.li@xxxxxxxxx are queue-3.17/vxlan-fix-a-use-after-free-in-vxlan_encap_bypass.patch queue-3.17/vxlan-using-pskb_may_pull-as-early-as-possible.patch queue-3.17/vxlan-fix-a-free-after-use.patch queue-3.17/ipv4-fix-a-potential-use-after-free-in-ip_tunnel_core.c.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html