Re: [PATCH net] udp: drop skb extensions before marking skb stateless

From: David Miller
Date: Thu Nov 21 2019 - 18:04:06 EST


From: Florian Westphal <fw@xxxxxxxxx>
Date: Thu, 21 Nov 2019 06:56:23 +0100

> Once udp stack has set the UDP_SKB_IS_STATELESS flag, later skb free
> assumes all skb head state has been dropped already.
>
> This will leak the extension memory in case the skb has extensions other
> than the ipsec secpath, e.g. bridge nf data.
>
> To fix this, set the UDP_SKB_IS_STATELESS flag only if we don't have
> extensions or if the extension space can be free'd.
>
> Fixes: 895b5c9f206eb7d25dc1360a ("netfilter: drop bridge nf reset from nf_reset")
> Cc: Paolo Abeni <pabeni@xxxxxxxxxx>
> Reported-by: Byron Stanoszek <gandalf@xxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Applied, thanks Florian.