Use committed version of CVE-2014-2568 fix
svn path=/dists/trunk/linux/; revision=21199
This commit is contained in:
parent
8144eb1409
commit
6d12c5fb76
|
@ -1,7 +1,8 @@
|
|||
Subject: [v4] core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors
|
||||
From: Zoltan Kiss <zoltan.kiss@citrix.com>
|
||||
Date: Fri, 21 Mar 2014 10:31:34 +0000
|
||||
Origin: https://patchwork.ozlabs.org/patch/332544/
|
||||
Date: Wed, 26 Mar 2014 22:37:45 +0000
|
||||
Subject: core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle
|
||||
errors
|
||||
Origin: https://git.kernel.org/linus/36d5fe6a000790f56039afe26834265db0a3ad4c
|
||||
|
||||
skb_zerocopy can copy elements of the frags array between skbs, but it doesn't
|
||||
orphan them. Also, it doesn't handle errors, so this patch takes care of that
|
||||
|
@ -10,25 +11,31 @@ the callers so they will signal the failed delivery towards the creator of the
|
|||
skb.
|
||||
|
||||
Signed-off-by: Zoltan Kiss <zoltan.kiss@citrix.com>
|
||||
Acked-by: Thomas Graf <tgraf@redhat.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/linux/skbuff.h | 4 ++--
|
||||
net/core/skbuff.c | 27 ++++++++++++++++++++-------
|
||||
net/netfilter/nfnetlink_queue_core.c | 9 +++++++--
|
||||
net/openvswitch/datapath.c | 6 +++++-
|
||||
4 files changed, 34 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
|
||||
index 03db95a..35c4e85 100644
|
||||
index 5e1e6f2..15ede6a 100644
|
||||
--- a/include/linux/skbuff.h
|
||||
+++ b/include/linux/skbuff.h
|
||||
@@ -2508,8 +2508,8 @@ int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
|
||||
@@ -2451,8 +2451,8 @@ int skb_splice_bits(struct sk_buff *skb, unsigned int offset,
|
||||
unsigned int flags);
|
||||
void skb_copy_and_csum_dev(const struct sk_buff *skb, u8 *to);
|
||||
unsigned int skb_zerocopy_headlen(const struct sk_buff *from);
|
||||
-void skb_zerocopy(struct sk_buff *to, const struct sk_buff *from,
|
||||
- int len, int hlen);
|
||||
+int skb_zerocopy(struct sk_buff *to, const struct sk_buff *from,
|
||||
+int skb_zerocopy(struct sk_buff *to, struct sk_buff *from,
|
||||
+ int len, int hlen);
|
||||
void skb_split(struct sk_buff *skb, struct sk_buff *skb1, const u32 len);
|
||||
int skb_shift(struct sk_buff *tgt, struct sk_buff *skb, int shiftlen);
|
||||
void skb_scrub_packet(struct sk_buff *skb, bool xnet);
|
||||
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
|
||||
index 3f14c63..4cf0ee5 100644
|
||||
index 869c7af..97e5a2c 100644
|
||||
--- a/net/core/skbuff.c
|
||||
+++ b/net/core/skbuff.c
|
||||
@@ -2127,25 +2127,31 @@ EXPORT_SYMBOL_GPL(skb_zerocopy_headlen);
|
||||
|
@ -42,8 +49,9 @@ index 3f14c63..4cf0ee5 100644
|
|||
+ * -EFAULT: skb_copy_bits() found some problem with skb geometry
|
||||
*/
|
||||
-void
|
||||
-skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, int len, int hlen)
|
||||
+int
|
||||
skb_zerocopy(struct sk_buff *to, const struct sk_buff *from, int len, int hlen)
|
||||
+skb_zerocopy(struct sk_buff *to, struct sk_buff *from, int len, int hlen)
|
||||
{
|
||||
int i, j = 0;
|
||||
int plen = 0; /* length of skb->head fragment */
|
||||
|
@ -130,7 +138,7 @@ index f072fe8..108120f 100644
|
|||
net_err_ratelimited("nf_queue: error creating packet message\n");
|
||||
return NULL;
|
||||
diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
|
||||
index c53fe0c..9230223 100644
|
||||
index 8601b32..270b77d 100644
|
||||
--- a/net/openvswitch/datapath.c
|
||||
+++ b/net/openvswitch/datapath.c
|
||||
@@ -464,7 +464,9 @@ static int queue_userspace_packet(struct datapath *dp, struct sk_buff *skb,
|
||||
|
|
Loading…
Reference in New Issue