projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b7a4609)
tun: use sk_fullsock() before reading sk->sk_tsflags
authorEric Dumazet <edumazet@google.com>
Fri, 9 Oct 2015 22:42:21 +0000 (15:42 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 13 Oct 2015 02:45:48 +0000 (19:45 -0700)
timewait or request sockets are small and do not contain sk->sk_tsflags

Without this fix, we might read garbage, and crash later in

__skb_complete_tx_timestamp()
 -> sock_queue_err_skb()

(These pseudo sockets do not have an error queue either)

Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/tun.c patch | blob | blame | history

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 976aa97042972880679ae61fa6fa9f90f12b51b1..b1878faea3974f6ae984763109edae78c4cd3342 100644 (file)
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -858,7 +858,7 @@ static netdev_tx_t tun_net_xmit(struct sk_buff *skb, struct net_device *dev)
        if (unlikely(skb_orphan_frags(skb, GFP_ATOMIC)))
                goto drop;
 
-       if (skb->sk) {
+       if (skb->sk && sk_fullsock(skb->sk)) {
                sock_tx_timestamp(skb->sk, &skb_shinfo(skb)->tx_flags);
                sw_tx_timestamp(skb);
        }