| From: Stefano Brivio <sbrivio@redhat.com> |
| Date: Fri, 13 Jul 2018 13:21:07 +0200 |
| Subject: skbuff: Unconditionally copy pfmemalloc in __skb_clone() |
| |
| commit e78bfb0751d4e312699106ba7efbed2bab1a53ca upstream. |
| |
| Commit 8b7008620b84 ("net: Don't copy pfmemalloc flag in |
| __copy_skb_header()") introduced a different handling for the |
| pfmemalloc flag in copy and clone paths. |
| |
| In __skb_clone(), now, the flag is set only if it was set in the |
| original skb, but not cleared if it wasn't. This is wrong and |
| might lead to socket buffers being flagged with pfmemalloc even |
| if the skb data wasn't allocated from pfmemalloc reserves. Copy |
| the flag instead of ORing it. |
| |
| Reported-by: Sabrina Dubroca <sd@queasysnail.net> |
| Fixes: 8b7008620b84 ("net: Don't copy pfmemalloc flag in __copy_skb_header()") |
| Signed-off-by: Stefano Brivio <sbrivio@redhat.com> |
| Tested-by: Sabrina Dubroca <sd@queasysnail.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| [bwh: Backported to 3.16: We didn't set the pfmemalloc flag in either copy |
| or clone path until now] |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| --- a/net/core/skbuff.c |
| +++ b/net/core/skbuff.c |
| @@ -768,6 +768,7 @@ static struct sk_buff *__skb_clone(struc |
| n->cloned = 1; |
| n->nohdr = 0; |
| n->peeked = 0; |
| + C(pfmemalloc); |
| n->destructor = NULL; |
| C(tail); |
| C(end); |