From: Yunsheng Lin linyunsheng@huawei.com
mainline inclusion from mainline-v6.5-rc1 commit 8b33485128ad932f807f4535e0b440733d8b5808 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9LK5X CVE: CVE-2022-48689
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
__skb_fill_page_desc_noacc() is not doing any pfmemalloc propagating, and yet it has a comment about that, commit 84ce071e38a6 ("net: introduce __skb_fill_page_desc_noacc") may have accidentally moved it to __skb_fill_page_desc_noacc(), so move it back to __skb_fill_page_desc() which is supposed to be doing pfmemalloc propagating.
Signed-off-by: Yunsheng Lin linyunsheng@huawei.com CC: Pavel Begunkov asml.silence@gmail.com Reviewed-by: Pavel Begunkov asml.silence@gmail.com Link: https://lore.kernel.org/r/20230515050107.46397-1-linyunsheng@huawei.com Signed-off-by: Paolo Abeni pabeni@redhat.com Conflicts: include/linux/skbuff.h [The version does not include b51f4113ebb0.] Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com --- include/linux/skbuff.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 2c7748721089..b356e1127e15 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -2179,11 +2179,6 @@ static inline void __skb_fill_page_desc_noacc(struct skb_shared_info *shinfo, { skb_frag_t *frag = &shinfo->frags[i];
- /* - * Propagate page pfmemalloc to the skb if we can. The problem is - * that not all callers have unique ownership of the page but rely - * on page_is_pfmemalloc doing the right thing(tm). - */ frag->bv_page = page; frag->bv_offset = off; skb_frag_size_set(frag, size); @@ -2206,6 +2201,11 @@ static inline void __skb_fill_page_desc(struct sk_buff *skb, int i, struct page *page, int off, int size) { __skb_fill_page_desc_noacc(skb_shinfo(skb), i, page, off, size); + + /* Propagate page pfmemalloc to the skb if we can. The problem is + * that not all callers have unique ownership of the page but rely + * on page_is_pfmemalloc doing the right thing(tm). + */ page = compound_head(page); if (page_is_pfmemalloc(page)) skb->pfmemalloc = true;