android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

skbuff: Fix nfct leak on napi stolen

Browse Source 
Upstream commit [0] had fixed this issue, and backported to kernel 5.10.54.
However, nf_reset_ct() added in skb_release_head_state() instead of
napi_skb_free_stolen_head(), which lead to leakage still exist in 5.10.

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8550ff8d8c75416e984d9c4b082845e57e560984

Fixes: 570341f10e ("skbuff: Release nfct refcount on napi stolen or re-used skbs"))
Signed-off-by: Tao Liu <taoliu828@163.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Tao Liu 2023-03-14 20:10:17 +08:00 committed by Greg Kroah-Hartman
parent a4932a2c54
commit c53d50d808
2 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net/core/dev.c
View File

@ -6111,6 +6111,7 @@ EXPORT_SYMBOL(gro_find_complete_by_type);
static void napi_skb_free_stolen_head(struct sk_buff *skb)
{
nf_reset_ct(skb);
skb_dst_drop(skb);
skb_ext_put(skb);
kmem_cache_free(skbuff_head_cache, skb);

1
net/core/skbuff.c
View File

@ -659,7 +659,6 @@ static void kfree_skbmem(struct sk_buff *skb)
void skb_release_head_state(struct sk_buff *skb)
{
nf_reset_ct(skb);
skb_dst_drop(skb);
if (skb->destructor) {
WARN_ON(in_irq());