Commit a28b1b90 authored by Florian Westphal's avatar Florian Westphal Committed by David S. Miller

skbuff: re-add check for NULL skb->head in kfree_skb path

A null check is needed after all.  netlink skbs can have skb->head be
backed by vmalloc.  The netlink destructor vfree()s head, then sets it to
NULL.  We then panic in skb_release_data with a NULL dereference.

Re-add such a test.

Alternative would be to switch to kvfree to free skb->head memory
and remove the special handling in netlink destructor.
Reported-by: default avatarkernel test robot <fengguang.wu@intel.com>
Fixes: 06dc75ab ("net: Revert "net: add function to allocate sk_buff head without data area")
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ba3fb102
...@@ -638,6 +638,7 @@ void skb_release_head_state(struct sk_buff *skb) ...@@ -638,6 +638,7 @@ void skb_release_head_state(struct sk_buff *skb)
static void skb_release_all(struct sk_buff *skb) static void skb_release_all(struct sk_buff *skb)
{ {
skb_release_head_state(skb); skb_release_head_state(skb);
if (likely(skb->head))
skb_release_data(skb); skb_release_data(skb);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment