* Patch "net: Fix skb csum races when peeking" has been added to the 3.14-stable tree
@ 2015-09-26 19:21 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2015-09-26 19:21 UTC (permalink / raw)
To: herbert, davem, edumazet, gregkh; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
net: Fix skb csum races when peeking
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-fix-skb-csum-races-when-peeking.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Sat Sep 26 11:19:08 PDT 2015
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 13 Jul 2015 20:01:42 +0800
Subject: net: Fix skb csum races when peeking
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 89c22d8c3b278212eef6a8cc66b570bc840a6f5a ]
When we calculate the checksum on the recv path, we store the
result in the skb as an optimisation in case we need the checksum
again down the line.
This is in fact bogus for the MSG_PEEK case as this is done without
any locking. So multiple threads can peek and then store the result
to the same skb, potentially resulting in bogus skb states.
This patch fixes this by only storing the result if the skb is not
shared. This preserves the optimisations for the few cases where
it can be done safely due to locking or other reasons, e.g., SIOCINQ.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/datagram.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
@@ -777,7 +777,8 @@ __sum16 __skb_checksum_complete_head(str
if (likely(!sum)) {
if (unlikely(skb->ip_summed == CHECKSUM_COMPLETE))
netdev_rx_csum_fault(skb->dev);
- skb->ip_summed = CHECKSUM_UNNECESSARY;
+ if (!skb_shared(skb))
+ skb->ip_summed = CHECKSUM_UNNECESSARY;
}
return sum;
}
Patches currently in stable-queue which might be from herbert@gondor.apana.org.au are
queue-3.14/net-fix-skb_set_peeked-use-after-free-bug.patch
queue-3.14/ipv6-lock-socket-in-ip6_datagram_connect.patch
queue-3.14/net-fix-skb-csum-races-when-peeking.patch
queue-3.14/net-clone-skb-before-setting-peeked-flag.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2015-09-26 19:21 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-09-26 19:21 Patch "net: Fix skb csum races when peeking" has been added to the 3.14-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).