ac5a6acbb1
This updates the backports package used in mac80211 to version 4.19.7-1 which is based on kernel 4.19.7. This integrates all the stable fixes introduces in this kernel version. The deleted patches are not needed any more because they are either included in the upstream Linux kernel 4.19.7 or in backports 4.19.7-1. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
31 lines
938 B
Diff
31 lines
938 B
Diff
From: Sara Sharon <sara.sharon@intel.com>
|
|
Date: Thu, 11 Oct 2018 14:21:21 +0200
|
|
Subject: [PATCH] mac80211: free skb fraglist before freeing the skb
|
|
|
|
mac80211 uses the frag list to build AMSDU. When freeing
|
|
the skb, it may not be really freed, since someone is still
|
|
holding a reference to it.
|
|
In that case, when TCP skb is being retransmitted, the
|
|
pointer to the frag list is being reused, while the data
|
|
in there is no longer valid.
|
|
Since we will never get frag list from the network stack,
|
|
as mac80211 doesn't advertise the capability, we can safely
|
|
free and nullify it before releasing the SKB.
|
|
|
|
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
|
|
---
|
|
|
|
--- a/net/mac80211/status.c
|
|
+++ b/net/mac80211/status.c
|
|
@@ -558,6 +558,11 @@ static void ieee80211_report_used_skb(st
|
|
}
|
|
|
|
ieee80211_led_tx(local);
|
|
+
|
|
+ if (skb_has_frag_list(skb)) {
|
|
+ kfree_skb_list(skb_shinfo(skb)->frag_list);
|
|
+ skb_shinfo(skb)->frag_list = NULL;
|
|
+ }
|
|
}
|
|
|
|
/*
|