[linux] 01/02: Fix broken backport of "ipv6: Fix leak in ipv6_gso_segment()."
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Jun 18 12:24:31 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit 9375e183ba82fc82b59001105da632e96fb1c06d
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Jun 18 02:38:46 2017 +0100
Fix broken backport of "ipv6: Fix leak in ipv6_gso_segment()."
skb_drop_list() isn't exported so we can't use it in ipv6_gso_segment().
Add the kfree_skb_list() function it actually wants.
---
debian/changelog | 1 +
.../all/ipv6-fix-leak-in-ipv6_gso_segment.patch | 6 +--
.../features/all/net-add-kfree_skb_list.patch | 56 ++++++++++++++++++++++
debian/patches/series | 1 +
4 files changed, 60 insertions(+), 4 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e883c49..cac1031 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -78,6 +78,7 @@ linux (3.2.89-1) UNRELEASED; urgency=medium
[ Ben Hutchings ]
* ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
+ * net: add kfree_skb_list()
* ipv6: Fix leak in ipv6_gso_segment().
* Ignore ABI changes in IB
diff --git a/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch b/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
index 873a8fb..0d0bbe8 100644
--- a/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
+++ b/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
@@ -10,9 +10,7 @@ up 'segs' because nobody else is going to.
Fixes: 2423496af35d ("ipv6: Prevent overrun when parsing v6 header options")
Reported-by: Ben Hutchings <ben at decadent.org.uk>
Signed-off-by: David S. Miller <davem at davemloft.net>
-[bwh: Backported to 3.2:
- - Use skb_drop_list() instead of kfree_skb_list()
- - Adjust filename, context]
+[bwh: Backported to 3.2: adjust filename, context]
---
net/ipv6/af_inet6.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
@@ -25,7 +23,7 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
int err = ip6_find_1stfragopt(skb, &prevhdr);
- if (err < 0)
+ if (err < 0) {
-+ skb_drop_list(&segs);
++ kfree_skb_list(segs);
return ERR_PTR(err);
+ }
fptr = (struct frag_hdr *)(skb_network_header(skb) +
diff --git a/debian/patches/features/all/net-add-kfree_skb_list.patch b/debian/patches/features/all/net-add-kfree_skb_list.patch
new file mode 100644
index 0000000..b7e3028
--- /dev/null
+++ b/debian/patches/features/all/net-add-kfree_skb_list.patch
@@ -0,0 +1,56 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 18 Jun 2017 02:36:32 +0100
+Subject: net: add kfree_skb_list()
+Forwarded: not-needed
+
+Extracted from upstream commit bd8a7036c06c "gre: fix a possible skb leak".
+
+This patch adds a kfree_skb_list() helper.
+---
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -534,6 +534,7 @@ static inline struct rtable *skb_rtable(
+ }
+
+ extern void kfree_skb(struct sk_buff *skb);
++extern void kfree_skb_list(struct sk_buff *segs);
+ extern void consume_skb(struct sk_buff *skb);
+ extern void __kfree_skb(struct sk_buff *skb);
+ extern struct sk_buff *__alloc_skb(unsigned int size,
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -277,15 +277,8 @@ EXPORT_SYMBOL(dev_alloc_skb);
+
+ static void skb_drop_list(struct sk_buff **listp)
+ {
+- struct sk_buff *list = *listp;
+-
++ kfree_skb_list(*listp);
+ *listp = NULL;
+-
+- do {
+- struct sk_buff *this = list;
+- list = list->next;
+- kfree_skb(this);
+- } while (list);
+ }
+
+ static inline void skb_drop_fraglist(struct sk_buff *skb)
+@@ -436,6 +429,17 @@ void kfree_skb(struct sk_buff *skb)
+ }
+ EXPORT_SYMBOL(kfree_skb);
+
++void kfree_skb_list(struct sk_buff *segs)
++{
++ while (segs) {
++ struct sk_buff *next = segs->next;
++
++ kfree_skb(segs);
++ segs = next;
++ }
++}
++EXPORT_SYMBOL(kfree_skb_list);
++
+ /**
+ * consume_skb - free an skbuff
+ * @skb: buffer to free
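Review bot: kfree_skb_list() in the net/core/skbuff.c part is exported without a kernel-doc comment, although the neighbouring consume_skb() carries one, and its contract differs from skb_drop_list() in ways a caller needs to know. I would add a `/** ... */` block above it stating that it passes every buffer on the `->next` chain to kfree_skb(), that a NULL `segs` is a no-op, and that the caller's pointer is not cleared and must not be used afterwards. The rewritten skb_drop_list() also now tolerates an empty list, where the removed do/while read `list->next` before testing `list`; a line in the patch description saying so would help anyone auditing its callers. The consume_skb() comment continues past the end of this hunk.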
diff --git a/debian/patches/series b/debian/patches/series
index c509b9b..a1c18c3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1108,6 +1108,7 @@ bugfix/all/KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
bugfix/all/ecryptfs-fix-handling-of-directory-opening.patch
bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
bugfix/all/ipv6-xfrm-handle-errors-reported-by-xfrm6_find_1stfr.patch
+features/all/net-add-kfree_skb_list.patch
bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
# ABI maintenance
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git