summaryrefslogtreecommitdiff
path: root/net/core/skbuff.c
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2017-07-23 20:54:47 +0300
committerDavid S. Miller <davem@davemloft.net>2017-07-25 02:27:08 +0300
commita28b1b90de8322ecc45d58f1c08da12197dad17f (patch)
tree49bc180709a0af274935ef2216ed0041fe04e579 /net/core/skbuff.c
parentba3fb1022154d93fe71ee78e28e195207d511bc0 (diff)
downloadlinux-a28b1b90de8322ecc45d58f1c08da12197dad17f.tar.xz
skbuff: re-add check for NULL skb->head in kfree_skb path
A null check is needed after all. netlink skbs can have skb->head be backed by vmalloc. The netlink destructor vfree()s head, then sets it to NULL. We then panic in skb_release_data with a NULL dereference. Re-add such a test. Alternative would be to switch to kvfree to free skb->head memory and remove the special handling in netlink destructor. Reported-by: kernel test robot <fengguang.wu@intel.com> Fixes: 06dc75ab06943 ("net: Revert "net: add function to allocate sk_buff head without data area") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/skbuff.c')
-rw-r--r--net/core/skbuff.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 84bdfa229b0d..c27da51d14e4 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -638,7 +638,8 @@ void skb_release_head_state(struct sk_buff *skb)
static void skb_release_all(struct sk_buff *skb)
{
skb_release_head_state(skb);
- skb_release_data(skb);
+ if (likely(skb->head))
+ skb_release_data(skb);
}
/**