[PATCH RFC 6.6] rxrpc: Fix potential UAF after skb_unshare() failure
Sasha Levin
sashal at kernel.org
Fri May 8 14:11:43 PDT 2026
> Subject: [PATCH RFC 6.6] rxrpc: Fix potential UAF after skb_unshare() failure
>
> [ Upstream commit 1f2740150f904bfa60e4bad74d65add3ccb5e7f8 ]
>
> [ Readd rxrpc_skb_put_response_copy() or will cause a build fail with commit
> 24481a7f5733 ("rxrpc: Fix conn-level packet handling to unshare RESPONSE
> packets") ]
Queued for 6.6, thanks.
I also took the mainline follow-up 55b2984c96c37 ("rxrpc: Fix
rxrpc_input_call_event() to only unshare DATA packets", a Fixes:
of 1f2740150f90) on top, so 6.6 ends up with the same pair that
6.12 already shipped (bf20f46d94f1d + 016725807ce3). Without it
the unconditional skb_copy() of every cloned ACK/ABORT/ACKALL
would re-introduce exactly the regression that follow-up commit
fixed.
--
Thanks,
Sasha
More information about the linux-afs
mailing list