From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tariq Toukan <tariqt@mellanox.com>,
Willem de Bruijn <willemb@google.com>,
Soheil Hassas Yeganeh <soheil@google.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 18/31] packet: fix reserve calculation
Date: Tue, 12 Jun 2018 18:46:21 +0200 [thread overview]
Message-ID: <20180612164621.514099465@linuxfoundation.org> (raw)
In-Reply-To: <20180612164620.797338191@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 9aad13b087ab0a588cd68259de618f100053360e ]
Commit b84bbaf7a6c8 ("packet: in packet_snd start writing at link
layer allocation") ensures that packet_snd always starts writing
the link layer header in reserved headroom allocated for this
purpose.
This is needed because packets may be shorter than hard_header_len,
in which case the space up to hard_header_len may be zeroed. But
that necessary padding is not accounted for in skb->len.
The fix, however, is buggy. It calls skb_push, which grows skb->len
when moving skb->data back. But in this case packet length should not
change.
Instead, call skb_reserve, which moves both skb->data and skb->tail
back, without changing length.
Fixes: b84bbaf7a6c8 ("packet: in packet_snd start writing at link layer allocation")
Reported-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/packet/af_packet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2918,7 +2918,7 @@ static int packet_snd(struct socket *soc
if (unlikely(offset < 0))
goto out_free;
} else if (reserve) {
- skb_push(skb, reserve);
+ skb_reserve(skb, -reserve);
}
/* Returns -EFAULT on error */
next prev parent reply other threads:[~2018-06-12 16:47 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-12 16:46 [PATCH 4.9 00/31] 4.9.108-stable review Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 01/31] tpm: do not suspend/resume if power stays on Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 02/31] tpm: self test failure should not cause suspend to fail Greg Kroah-Hartman
2018-06-12 16:46 ` Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 03/31] mmap: introduce sane default mmap limits Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 04/31] mmap: relax file size limit for regular files Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 05/31] btrfs: define SUPER_FLAG_METADUMP_V2 Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 07/31] drm: set FMODE_UNSIGNED_OFFSET for drm files Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 08/31] bnx2x: use the right constant Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 09/31] dccp: dont free ccid2_hc_tx_sock struct in dccp_disconnect() Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 10/31] enic: set DMA mask to 47 bit Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 11/31] ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 12/31] ipv4: remove warning in ip_recv_error Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 13/31] isdn: eicon: fix a missing-check bug Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 14/31] kcm: Fix use-after-free caused by clonned sockets Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 15/31] netdev-FAQ: clarify DaveMs position for stable backports Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 16/31] net/packet: refine check for priv area size Greg Kroah-Hartman
2018-06-12 16:46 ` Greg Kroah-Hartman [this message]
2018-06-12 16:46 ` [PATCH 4.9 19/31] qed: Fix mask for physical address in ILT entry Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 20/31] sctp: not allow transport timeout value less than HZ/5 for hb_timer Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 21/31] team: use netdev_features_t instead of u32 Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 22/31] vhost: synchronize IOTLB message with dev cleanup Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 23/31] vrf: check the original netdevice for generating redirect Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 24/31] net/mlx4: Fix irq-unsafe spinlock usage Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 25/31] rtnetlink: validate attributes in do_setlink() Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 26/31] net: phy: broadcom: Fix bcm_write_exp() Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 27/31] net: metrics: add proper netlink validation Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 28/31] KVM: VMX: Expose SSBD properly to guests, 4.9 supplement Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 29/31] dm bufio: avoid false-positive Wmaybe-uninitialized warning Greg Kroah-Hartman
2018-06-12 16:46 ` [PATCH 4.9 30/31] objtool: Fix gcov check for older versions of GCC Greg Kroah-Hartman
2018-06-12 17:10 ` [PATCH 4.9 00/31] 4.9.108-stable review Nathan Chancellor
2018-06-12 17:45 ` Greg Kroah-Hartman
2018-06-12 20:58 ` Shuah Khan
2018-06-13 4:41 ` Greg Kroah-Hartman
2018-06-13 13:49 ` Guenter Roeck
2018-06-13 14:13 ` Rafael Tinoco
2018-06-13 14:42 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180612164621.514099465@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=soheil@google.com \
--cc=stable@vger.kernel.org \
--cc=tariqt@mellanox.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.