From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752805AbbLNRQM (ORCPT <rfc822;w@1wt.eu>);
	Mon, 14 Dec 2015 12:16:12 -0500
Received: from aserp1040.oracle.com ([141.146.126.69]:21256 "EHLO
	aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751580AbbLNRQK (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 14 Dec 2015 12:16:10 -0500
Subject: Re: Bad backport of "net: Fix skb_set_peeked use-after-free bug" in
 3.18.23
To: Paul Mackerras <paulus@ozlabs.org>, linux-kernel@vger.kernel.org
References: <20151214024426.GA23275@iris.ozlabs.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>, stable@vger.kernel.org
From: Sasha Levin <sasha.levin@oracle.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <566EF943.9070501@oracle.com>
Date: Mon, 14 Dec 2015 12:15:47 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <20151214024426.GA23275@iris.ozlabs.ibm.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 12/13/2015 09:44 PM, Paul Mackerras wrote:
> Commit d9a1133495b4 ("net: Fix skb_set_peeked use-after-free bug") in
> 3.18.23 claims to be a backport of commit a0a2a6602496, but in fact
> the patch is identical to commit 738ac1ebb96d ("net: Clone skb before
> setting peeked flag"), which is the commit that introduces the
> use-after-free bug that a0a2a6602496 fixes.
> 
> The result is that we have been seeing crashes in __skb_recv_datagram
> since I merged v3.18.24 into the kernel code we are using for a
> product.  Could someone fix this with an actual backport of
> a0a2a6602496 please?

Sorry about that, looks like my script has gone haywire :/

I've fixed it, pushed queue and will ship tomorrow after testing.


Thanks,
Sasha