From: Jiri Pirko <jpirko@redhat.com> Date: Wed, 13 Aug 2008 16:33:13 +0200 Subject: [net] pppoe: unshare skb before anything else Message-id: 20080813163313.2282e83e@psychotron.englab.brq.redhat.com O-Subject: [RHEL5.3 patch] BZ457018 pppoe: Unshare skb before anything else [rhel-5.3] Bugzilla: 457018 RH-Acked-by: David S. Miller <davem@redhat.com> RH-Acked-by: Thomas Graf <tgraf@redhat.com> RH-Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com> RH-Acked-by: Eugene Teo <eteo@redhat.com> BZ457018 Description: We need to unshare the skb first as otherwise pskb_may_pull may write to a shared skb which could be bad. Upstream status: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bc6cffd177f9266af38dba96a2cea06c1e7ff932 Brew build: http://brewweb.devel.redhat.com/brew/taskinfo?taskID=1428704 Test status: Booted on x86_64. Jirka diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c index 0d101a1..8b21b72 100644 --- a/drivers/net/pppoe.c +++ b/drivers/net/pppoe.c @@ -415,12 +415,12 @@ static int pppoe_disc_rcv(struct sk_buff *skb, struct pppoe_hdr *ph; struct pppox_sock *po; - if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) - goto abort; - if (!(skb = skb_share_check(skb, GFP_ATOMIC))) goto out; + if (!pskb_may_pull(skb, sizeof(struct pppoe_hdr))) + goto abort; + ph = (struct pppoe_hdr *) skb->nh.raw; if (ph->code != PADT_CODE) goto abort;
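Review bot: The reordered checks in pppoe_disc_rcv carry no comment explaining why `skb_share_check(skb, GFP_ATOMIC)` must run before `pskb_may_pull(skb, sizeof(struct pppoe_hdr))`, so a later cleanup could swap them back. A one-line comment above the share check, saying that pskb_may_pull may write to the skb and therefore needs an unshared one, would keep the reasoning from the description next to the code. The two failure paths still use different labels (`goto out` for the share check, `goto abort` for the pull) and the label bodies are outside the hunk, so please confirm that `abort` frees `skb`, which may now be the unshared copy. The diff touches only pppoe_disc_rcv. If any other receive path in drivers/net/pppoe.c pulls before unsharing, it needs the same reordering. The stated test (boot on x86_64) does not show that a shared skb was actually exercised on this path.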