projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 80b3671) | patch
sched: Avoid dereferencing skb pointer after child enqueue
authorToke Høiland-Jørgensen <toke@redhat.com>
Wed, 9 Jan 2019 16:09:42 +0000 (17:09 +0100)
committerDavid S. Miller <davem@davemloft.net>
Wed, 16 Jan 2019 04:12:00 +0000 (20:12 -0800)
commitf6bab199315b70fd83fe3ee0947bc84c7a35f3d4
treec662d696e0bfe2ee2be86cbdf0da095d9d6389batree | snapshot
parent80b3671e9377916bf2b02e56113fa7377ce5705acommit | diff
sched: Avoid dereferencing skb pointer after child enqueue

Parent qdiscs may dereference the pointer to the enqueued skb after
enqueue. However, both CAKE and TBF call consume_skb() on the original skb
when splitting GSO packets, leading to a potential use-after-free in the
parent. Fix this by avoiding dereferencing the skb pointer after enqueueing
to the child.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/sch_cbs.c diff | blob | blame | history
net/sched/sch_drr.c diff | blob | blame | history
net/sched/sch_dsmark.c diff | blob | blame | history
net/sched/sch_hfsc.c diff | blob | blame | history
net/sched/sch_htb.c diff | blob | blame | history
net/sched/sch_prio.c diff | blob | blame | history
net/sched/sch_qfq.c diff | blob | blame | history
net/sched/sch_tbf.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)