From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 17 Sep 2020 15:24:29 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.237~49
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe5a1b20ce3666e22315848eb346615a87976a67;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	net-handle-the-return-value-of-pskb_carve_frag_list-correctly.patch
---

diff --git a/queue-4.9/net-handle-the-return-value-of-pskb_carve_frag_list-correctly.patch b/queue-4.9/net-handle-the-return-value-of-pskb_carve_frag_list-correctly.patch
new file mode 100644
index 00000000000..3baeb68003d
--- /dev/null
+++ b/queue-4.9/net-handle-the-return-value-of-pskb_carve_frag_list-correctly.patch
@@ -0,0 +1,40 @@
+From eabe861881a733fc84f286f4d5a1ffaddd4f526f Mon Sep 17 00:00:00 2001
+From: Miaohe Lin <linmiaohe@huawei.com>
+Date: Sat, 15 Aug 2020 04:46:41 -0400
+Subject: net: handle the return value of pskb_carve_frag_list() correctly
+
+From: Miaohe Lin <linmiaohe@huawei.com>
+
+commit eabe861881a733fc84f286f4d5a1ffaddd4f526f upstream.
+
+pskb_carve_frag_list() may return -ENOMEM in pskb_carve_inside_nonlinear().
+we should handle this correctly or we would get wrong sk_buff.
+
+Fixes: 6fa01ccd8830 ("skbuff: Add pskb_extract() helper function")
+Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/core/skbuff.c |   10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -4990,9 +4990,13 @@ static int pskb_carve_inside_nonlinear(s
+ 	if (skb_has_frag_list(skb))
+ 		skb_clone_fraglist(skb);
+ 
+-	if (k == 0) {
+-		/* split line is in frag list */
+-		pskb_carve_frag_list(skb, shinfo, off - pos, gfp_mask);
++	/* split line is in frag list */
++	if (k == 0 && pskb_carve_frag_list(skb, shinfo, off - pos, gfp_mask)) {
++		/* skb_frag_unref() is not needed here as shinfo->nr_frags = 0. */
++		if (skb_has_frag_list(skb))
++			kfree_skb_list(skb_shinfo(skb)->frag_list);
++		kfree(data);
++		return -ENOMEM;
+ 	}
+ 	skb_release_data(skb);
+ 
diff --git a/queue-4.9/series b/queue-4.9/series
index 9fc29bd4058..5882b85c036 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -45,3 +45,4 @@ usb-fix-out-of-sync-data-toggle-if-a-configured-device-is-reconfigured.patch
 ib-rxe-remove-a-pointless-indirection-layer.patch
 rdma-rxe-fix-the-parent-sysfs-read-when-the-interfac.patch
 gcov-add-support-for-gcc-10.1.patch
+net-handle-the-return-value-of-pskb_carve_frag_list-correctly.patch