net: sched: Fix use after free in red_enqueue()
Bug #2017013 reported by
Cengiz Can
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Cengiz Can | ||
Xenial |
Fix Released
|
High
|
Cengiz Can | ||
linux-oem-5.14 (Ubuntu) |
Won't Fix
|
High
|
Cengiz Can | ||
linux-oem-5.17 (Ubuntu) |
Fix Released
|
High
|
Cengiz Can |
Bug Description
[Impact]
We can't use "skb" again after passing it to qdisc_enqueue(). This is
basically identical to commit 2f09707 ("sch_sfb: Also store skb
len before calling child enqueue").
Fixes: d7f4f33 ("sch_red: update backlog as well")
[Fix]
Cherry picked from upstream.
[Test case]
Compile, boot and basic network functionality tested using ntop.
[Potential regression]
Low. This has been in multiple trees for a while now.
affects: | linux-azure (Ubuntu) → linux (Ubuntu) |
Changed in linux (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
milestone: | none → xenial-updates |
milestone: | xenial-updates → none |
Changed in linux (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | In Progress → New |
Changed in linux (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in linux (Ubuntu): | |
importance: | High → Undecided |
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Cengiz Can (cengizcan) |
Changed in linux (Ubuntu): | |
assignee: | Cengiz Can (cengizcan) → nobody |
description: | updated |
no longer affects: | linux-oem (Ubuntu Xenial) |
Changed in linux-oem (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Cengiz Can (cengizcan) |
affects: | linux-oem (Ubuntu) → linux-oem-5.17 (Ubuntu) |
Changed in linux-oem-5.14 (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Cengiz Can (cengizcan) |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
status: | Incomplete → Fix Committed |
importance: | Undecided → High |
assignee: | nobody → Cengiz Can (cengizcan) |
Changed in linux-oem-5.17 (Ubuntu): | |
status: | In Progress → Fix Committed |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu Xenial): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 2017013
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.