From: David Miller <davem@davemloft.net>
To: herbert@gondor.apana.org.au
Cc: khlebnikov@yandex-team.ru, netdev@vger.kernel.org, edumazet@google.com
Subject: Re: net: Clone skb before setting peeked flag
Date: Wed, 15 Jul 2015 16:13:43 -0700 (PDT) [thread overview]
Message-ID: <20150715.161343.936469507696734723.davem@davemloft.net> (raw)
In-Reply-To: <20150713080413.GA8901@gondor.apana.org.au>
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 13 Jul 2015 16:04:13 +0800
> Shared skbs must not be modified and this is crucial for broadcast
> and/or multicast paths where we use it as an optimisation to avoid
> unnecessary cloning.
>
> The function skb_recv_datagram breaks this rule by setting peeked
> without cloning the skb first. This causes funky races which leads
> to double-free.
>
> This patch fixes this by cloning the skb and replacing the skb
> in the list when setting skb->peeked.
>
> Fixes: a59322be07c9 ("[UDP]: Only increment counter on first peek/recv")
> Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Applied and queued up for -stable.
next prev parent reply other threads:[~2015-07-15 23:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-10 11:51 [PATCH] netlink: enable skb header refcounting before sending first broadcast Konstantin Khlebnikov
2015-07-10 13:49 ` Eric Dumazet
2015-07-10 14:08 ` Konstantin Khlebnikov
2015-07-13 7:23 ` Herbert Xu
2015-07-13 8:04 ` net: Clone skb before setting peeked flag Herbert Xu
2015-07-15 23:13 ` David Miller [this message]
2015-07-13 8:05 ` [PATCH] netlink: enable skb header refcounting before sending first broadcast Eric Dumazet
2015-07-13 8:10 ` Herbert Xu
2015-07-13 8:22 ` Eric Dumazet
2015-07-13 8:25 ` Herbert Xu
2015-07-13 8:28 ` Eric Dumazet
2015-07-13 8:31 ` Herbert Xu
2015-07-13 12:01 ` net: Fix skb csum races when peeking Herbert Xu
2015-07-13 14:25 ` Herbert Xu
2015-07-14 6:11 ` Eric Dumazet
2015-07-15 23:14 ` David Miller
2015-07-13 8:54 ` [PATCH] netlink: enable skb header refcounting before sending first broadcast Konstantin Khlebnikov
2015-07-13 9:04 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150715.161343.936469507696734723.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=khlebnikov@yandex-team.ru \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).