[linux] 01/02: Fix broken backport of "ipv6: Fix leak in ipv6_gso_segment()."

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sun Jun 18 12:24:31 UTC 2017


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch wheezy-security
in repository linux.

commit 9375e183ba82fc82b59001105da632e96fb1c06d
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Jun 18 02:38:46 2017 +0100

    Fix broken backport of "ipv6: Fix leak in ipv6_gso_segment()."
    
    drop_skb_list() isn't exported so we can't use it in ipv6_gso_segment().
    Add the kfree_skb_list() function it actually wants.
---
 debian/changelog                                   |  1 +
 .../all/ipv6-fix-leak-in-ipv6_gso_segment.patch    |  6 +--
 .../features/all/net-add-kfree_skb_list.patch      | 56 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 4 files changed, 60 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e883c49..cac1031 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -78,6 +78,7 @@ linux (3.2.89-1) UNRELEASED; urgency=medium
 
   [ Ben Hutchings ]
   * ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
+  * net: add kfree_skb_list()
   * ipv6: Fix leak in ipv6_gso_segment().
   * Ignore ABI changes in IB
 
diff --git a/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch b/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
index 873a8fb..0d0bbe8 100644
--- a/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
+++ b/debian/patches/bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
@@ -10,9 +10,7 @@ up 'segs' because nobody else is going to.
 Fixes: 2423496af35d ("ipv6: Prevent overrun when parsing v6 header options")
 Reported-by: Ben Hutchings <ben at decadent.org.uk>
 Signed-off-by: David S. Miller <davem at davemloft.net>
-[bwh: Backported to 3.2:
- - Use skb_drop_list() instead of kfree_skb_list()
- - Adjust filename, context]
+[bwh: Backported to 3.2: adjust filename, context]
 ---
  net/ipv6/af_inet6.c | 4 +++-
  1 file changed, 3 insertions(+), 1 deletion(-)
@@ -25,7 +23,7 @@ Signed-off-by: David S. Miller <davem at davemloft.net>
  			int err = ip6_find_1stfragopt(skb, &prevhdr);
 -			if (err < 0)
 +			if (err < 0) {
-+				skb_drop_list(&segs);
++				kfree_skb_list(segs);
  				return ERR_PTR(err);
 +			}
  			fptr = (struct frag_hdr *)(skb_network_header(skb) +
diff --git a/debian/patches/features/all/net-add-kfree_skb_list.patch b/debian/patches/features/all/net-add-kfree_skb_list.patch
new file mode 100644
index 0000000..b7e3028
--- /dev/null
+++ b/debian/patches/features/all/net-add-kfree_skb_list.patch
@@ -0,0 +1,56 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 18 Jun 2017 02:36:32 +0100
+Subject: net: add kfree_skb_list()
+Forwarded: not-needed
+
+Extracted from upstream commit bd8a7036c06c "gre: fix a possible skb leak".
+
+This patch adds a kfree_skb_list() helper.
+---
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -534,6 +534,7 @@ static inline struct rtable *skb_rtable(
+ }
+ 
+ extern void kfree_skb(struct sk_buff *skb);
++extern void kfree_skb_list(struct sk_buff *segs);
+ extern void consume_skb(struct sk_buff *skb);
+ extern void	       __kfree_skb(struct sk_buff *skb);
+ extern struct sk_buff *__alloc_skb(unsigned int size,
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -277,15 +277,8 @@ EXPORT_SYMBOL(dev_alloc_skb);
+ 
+ static void skb_drop_list(struct sk_buff **listp)
+ {
+-	struct sk_buff *list = *listp;
+-
++	kfree_skb_list(*listp);
+ 	*listp = NULL;
+-
+-	do {
+-		struct sk_buff *this = list;
+-		list = list->next;
+-		kfree_skb(this);
+-	} while (list);
+ }
+ 
+ static inline void skb_drop_fraglist(struct sk_buff *skb)
+@@ -436,6 +429,17 @@ void kfree_skb(struct sk_buff *skb)
+ }
+ EXPORT_SYMBOL(kfree_skb);
+ 
++void kfree_skb_list(struct sk_buff *segs)
++{
++	while (segs) {
++		struct sk_buff *next = segs->next;
++
++		kfree_skb(segs);
++		segs = next;
++	}
++}
++EXPORT_SYMBOL(kfree_skb_list);
++
+ /**
+  *	consume_skb - free an skbuff
+  *	@skb: buffer to free
diff --git a/debian/patches/series b/debian/patches/series
index c509b9b..a1c18c3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1108,6 +1108,7 @@ bugfix/all/KEYS-Don-t-permit-request_key-to-construct-a-new-key.patch
 bugfix/all/ecryptfs-fix-handling-of-directory-opening.patch
 bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch
 bugfix/all/ipv6-xfrm-handle-errors-reported-by-xfrm6_find_1stfr.patch
+features/all/net-add-kfree_skb_list.patch
 bugfix/all/ipv6-fix-leak-in-ipv6_gso_segment.patch
 
 # ABI maintenance

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list