From: Jiri Pirko <jpirko@redhat.com>
Date: Wed, 13 Aug 2008 16:33:13 +0200
Subject: [net] pppoe: unshare skb before anything else
Message-id: 20080813163313.2282e83e@psychotron.englab.brq.redhat.com
O-Subject: [RHEL5.3 patch] BZ457018 pppoe: Unshare skb before anything else [rhel-5.3]
Bugzilla: 457018
RH-Acked-by: David S. Miller <davem@redhat.com>
RH-Acked-by: Thomas Graf <tgraf@redhat.com>
RH-Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
RH-Acked-by: Eugene Teo <eteo@redhat.com>

BZ457018

Description:
We need to unshare the skb first as otherwise pskb_may_pull may write
to a shared skb which could be bad.

Upstream status:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bc6cffd177f9266af38dba96a2cea06c1e7ff932

Brew build:
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1428704

Test status:
Booted on x86_64.

Jirka

diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c
index 0d101a1..8b21b72 100644
--- a/drivers/net/pppoe.c
+++ b/drivers/net/pppoe.c
@@ -415,12 +415,12 @@ static int pppoe_disc_rcv(struct sk_buff *skb,
 	struct pppoe_hdr *ph;
 	struct pppox_sock *po;
 
-	if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
-		goto abort;
-
 	if (!(skb = skb_share_check(skb, GFP_ATOMIC))) 
 		goto out;
 
+	if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr)))
+		goto abort;
+
 	ph = (struct pppoe_hdr *) skb->nh.raw;
 	if (ph->code != PADT_CODE)
 		goto abort;