Re: [PATCH AUTOSEL 5.1 011/375] ip6: fix skb leak in ip6frag_expire_frag_queue()

From: Sasha Levin
Date: Wed May 29 2019 - 14:52:09 EST


On Thu, May 23, 2019 at 09:47:23AM +0200, Stefan Bader wrote:
> On 22.05.19 21:15, Sasha Levin wrote:
>> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>>
>> [ Upstream commit 47d3d7fdb10a21c223036b58bd70ffdc24a472c4 ]
>>
>> Since ip6frag_expire_frag_queue() now pulls the head skb
>> from frag queue, we should no longer use skb_get(), since
>> this leads to an skb leak.
>>
>> Stefan Bader initially reported a problem in 4.4.stable [1] caused
>> by the skb_get(), so this patch should also fix this issue.
>
> Just to let everybody know, while changing this has fixed the BUG_ON problem
> while sending (in 4.4) it now crashes when releasing just a little later.
> Still feels like the right direction but not complete, yet.

mhm, this commit is really under David's domain, it squeezed through my
filters as it doesn't actually touch net/. I'll drop it for now.

--
Thanks,
Sasha