Linux v4.10.14
This commit is contained in:
parent
0cb7c1d82e
commit
5703956bbf
|
@ -1,53 +0,0 @@
|
|||
From 43a6684519ab0a6c52024b5e25322476cabad893 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Dumazet <edumazet@google.com>
|
||||
Date: Fri, 24 Mar 2017 19:36:13 -0700
|
||||
Subject: [PATCH] ping: implement proper locking
|
||||
|
||||
We got a report of yet another bug in ping
|
||||
|
||||
http://www.openwall.com/lists/oss-security/2017/03/24/6
|
||||
|
||||
->disconnect() is not called with socket lock held.
|
||||
|
||||
Fix this by acquiring ping rwlock earlier.
|
||||
|
||||
Thanks to Daniel, Alexander and Andrey for letting us know this problem.
|
||||
|
||||
Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Reported-by: Daniel Jiang <danieljiang0415@gmail.com>
|
||||
Reported-by: Solar Designer <solar@openwall.com>
|
||||
Reported-by: Andrey Konovalov <andreyknvl@google.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/ipv4/ping.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
|
||||
index 2af6244..ccfbce1 100644
|
||||
--- a/net/ipv4/ping.c
|
||||
+++ b/net/ipv4/ping.c
|
||||
@@ -156,17 +156,18 @@ int ping_hash(struct sock *sk)
|
||||
void ping_unhash(struct sock *sk)
|
||||
{
|
||||
struct inet_sock *isk = inet_sk(sk);
|
||||
+
|
||||
pr_debug("ping_unhash(isk=%p,isk->num=%u)\n", isk, isk->inet_num);
|
||||
+ write_lock_bh(&ping_table.lock);
|
||||
if (sk_hashed(sk)) {
|
||||
- write_lock_bh(&ping_table.lock);
|
||||
hlist_nulls_del(&sk->sk_nulls_node);
|
||||
sk_nulls_node_init(&sk->sk_nulls_node);
|
||||
sock_put(sk);
|
||||
isk->inet_num = 0;
|
||||
isk->inet_sport = 0;
|
||||
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
|
||||
- write_unlock_bh(&ping_table.lock);
|
||||
}
|
||||
+ write_unlock_bh(&ping_table.lock);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(ping_unhash);
|
||||
|
||||
--
|
||||
2.9.3
|
||||
|
|
@ -1,73 +0,0 @@
|
|||
From 4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee Mon Sep 17 00:00:00 2001
|
||||
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
|
||||
Date: Fri, 21 Apr 2017 23:14:48 +0200
|
||||
Subject: macsec: avoid heap overflow in skb_to_sgvec
|
||||
|
||||
While this may appear as a humdrum one line change, it's actually quite
|
||||
important. An sk_buff stores data in three places:
|
||||
|
||||
1. A linear chunk of allocated memory in skb->data. This is the easiest
|
||||
one to work with, but it precludes using scatterdata since the memory
|
||||
must be linear.
|
||||
2. The array skb_shinfo(skb)->frags, which is of maximum length
|
||||
MAX_SKB_FRAGS. This is nice for scattergather, since these fragments
|
||||
can point to different pages.
|
||||
3. skb_shinfo(skb)->frag_list, which is a pointer to another sk_buff,
|
||||
which in turn can have data in either (1) or (2).
|
||||
|
||||
The first two are rather easy to deal with, since they're of a fixed
|
||||
maximum length, while the third one is not, since there can be
|
||||
potentially limitless chains of fragments. Fortunately dealing with
|
||||
frag_list is opt-in for drivers, so drivers don't actually have to deal
|
||||
with this mess. For whatever reason, macsec decided it wanted pain, and
|
||||
so it explicitly specified NETIF_F_FRAGLIST.
|
||||
|
||||
Because dealing with (1), (2), and (3) is insane, most users of sk_buff
|
||||
doing any sort of crypto or paging operation calls a convenient function
|
||||
called skb_to_sgvec (which happens to be recursive if (3) is in use!).
|
||||
This takes a sk_buff as input, and writes into its output pointer an
|
||||
array of scattergather list items. Sometimes people like to declare a
|
||||
fixed size scattergather list on the stack; othertimes people like to
|
||||
allocate a fixed size scattergather list on the heap. However, if you're
|
||||
doing it in a fixed-size fashion, you really shouldn't be using
|
||||
NETIF_F_FRAGLIST too (unless you're also ensuring the sk_buff and its
|
||||
frag_list children arent't shared and then you check the number of
|
||||
fragments in total required.)
|
||||
|
||||
Macsec specifically does this:
|
||||
|
||||
size += sizeof(struct scatterlist) * (MAX_SKB_FRAGS + 1);
|
||||
tmp = kmalloc(size, GFP_ATOMIC);
|
||||
*sg = (struct scatterlist *)(tmp + sg_offset);
|
||||
...
|
||||
sg_init_table(sg, MAX_SKB_FRAGS + 1);
|
||||
skb_to_sgvec(skb, sg, 0, skb->len);
|
||||
|
||||
Specifying MAX_SKB_FRAGS + 1 is the right answer usually, but not if you're
|
||||
using NETIF_F_FRAGLIST, in which case the call to skb_to_sgvec will
|
||||
overflow the heap, and disaster ensues.
|
||||
|
||||
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Cc: security@kernel.org
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/macsec.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
|
||||
index ff0a5ed..dbab05a 100644
|
||||
--- a/drivers/net/macsec.c
|
||||
+++ b/drivers/net/macsec.c
|
||||
@@ -2716,7 +2716,7 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
|
||||
}
|
||||
|
||||
#define MACSEC_FEATURES \
|
||||
- (NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
|
||||
+ (NETIF_F_SG | NETIF_F_HIGHDMA)
|
||||
static struct lock_class_key macsec_netdev_addr_lock_key;
|
||||
|
||||
static int macsec_dev_init(struct net_device *dev)
|
||||
--
|
||||
cgit v1.1
|
||||
|
|
@ -1,180 +0,0 @@
|
|||
From: "J. Bruce Fields" <bfields@redhat.com>
|
||||
Date: 2017-04-14 15:04:40
|
||||
Subject: [PATCH] nfsd: check for oversized NFSv2/v3 arguments
|
||||
|
||||
A client can append random data to the end of an NFSv2 or NFSv3 RPC call
|
||||
without our complaining; we'll just stop parsing at the end of the
|
||||
expected data and ignore the rest.
|
||||
|
||||
Encoded arguments and replies are stored together in an array of pages,
|
||||
and if a call is too large it could leave inadequate space for the
|
||||
reply. This is normally OK because NFS RPC's typically have either
|
||||
short arguments and long replies (like READ) or long arguments and short
|
||||
replies (like WRITE). But a client that sends an incorrectly long reply
|
||||
can violate those assumptions. This was observed to cause crashes.
|
||||
|
||||
So, insist that the argument not be any longer than we expect.
|
||||
|
||||
Also, several operations increment rq_next_page in the decode routine
|
||||
before checking the argument size, which can leave rq_next_page pointing
|
||||
well past the end of the page array, causing trouble later in
|
||||
svc_free_pages.
|
||||
|
||||
As followup we may also want to rewrite the encoding routines to check
|
||||
more carefully that they aren't running off the end of the page array.
|
||||
|
||||
Reported-by: Tuomas Haanpää <thaan@synopsys.com>
|
||||
Reported-by: Ari Kauppi <ari@synopsys.com>
|
||||
Cc: stable@vger.kernel.org
|
||||
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
|
||||
---
|
||||
fs/nfsd/nfs3xdr.c | 23 +++++++++++++++++------
|
||||
fs/nfsd/nfsxdr.c | 13 ++++++++++---
|
||||
include/linux/sunrpc/svc.h | 3 +--
|
||||
3 files changed, 28 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
|
||||
index dba2ff8eaa68..be66bcadfaea 100644
|
||||
--- a/fs/nfsd/nfs3xdr.c
|
||||
+++ b/fs/nfsd/nfs3xdr.c
|
||||
@@ -334,8 +334,11 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
if (!p)
|
||||
return 0;
|
||||
p = xdr_decode_hyper(p, &args->offset);
|
||||
-
|
||||
args->count = ntohl(*p++);
|
||||
+
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
len = min(args->count, max_blocksize);
|
||||
|
||||
/* set up the kvec */
|
||||
@@ -349,7 +352,7 @@ nfs3svc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
v++;
|
||||
}
|
||||
args->vlen = v;
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -536,9 +539,11 @@ nfs3svc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
p = decode_fh(p, &args->fh);
|
||||
if (!p)
|
||||
return 0;
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -564,10 +569,14 @@ nfs3svc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->verf = p; p += 2;
|
||||
args->dircount = ~0;
|
||||
args->count = ntohl(*p++);
|
||||
+
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
args->count = min_t(u32, args->count, PAGE_SIZE);
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -585,6 +594,9 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->dircount = ntohl(*p++);
|
||||
args->count = ntohl(*p++);
|
||||
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
len = args->count = min(args->count, max_blocksize);
|
||||
while (len > 0) {
|
||||
struct page *p = *(rqstp->rq_next_page++);
|
||||
@@ -592,8 +604,7 @@ nfs3svc_decode_readdirplusargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->buffer = page_address(p);
|
||||
len -= PAGE_SIZE;
|
||||
}
|
||||
-
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
diff --git a/fs/nfsd/nfsxdr.c b/fs/nfsd/nfsxdr.c
|
||||
index 41b468a6a90f..79268369f7b3 100644
|
||||
--- a/fs/nfsd/nfsxdr.c
|
||||
+++ b/fs/nfsd/nfsxdr.c
|
||||
@@ -257,6 +257,9 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
len = args->count = ntohl(*p++);
|
||||
p++; /* totalcount - unused */
|
||||
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
+
|
||||
len = min_t(unsigned int, len, NFSSVC_MAXBLKSIZE_V2);
|
||||
|
||||
/* set up somewhere to store response.
|
||||
@@ -272,7 +275,7 @@ nfssvc_decode_readargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
v++;
|
||||
}
|
||||
args->vlen = v;
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -360,9 +363,11 @@ nfssvc_decode_readlinkargs(struct svc_rqst *rqstp, __be32 *p, struct nfsd_readli
|
||||
p = decode_fh(p, &args->fh);
|
||||
if (!p)
|
||||
return 0;
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
int
|
||||
@@ -400,9 +405,11 @@ nfssvc_decode_readdirargs(struct svc_rqst *rqstp, __be32 *p,
|
||||
args->cookie = ntohl(*p++);
|
||||
args->count = ntohl(*p++);
|
||||
args->count = min_t(u32, args->count, PAGE_SIZE);
|
||||
+ if (!xdr_argsize_check(rqstp, p))
|
||||
+ return 0;
|
||||
args->buffer = page_address(*(rqstp->rq_next_page++));
|
||||
|
||||
- return xdr_argsize_check(rqstp, p);
|
||||
+ return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
|
||||
index e770abeed32d..6ef19cf658b4 100644
|
||||
--- a/include/linux/sunrpc/svc.h
|
||||
+++ b/include/linux/sunrpc/svc.h
|
||||
@@ -336,8 +336,7 @@ xdr_argsize_check(struct svc_rqst *rqstp, __be32 *p)
|
||||
{
|
||||
char *cp = (char *)p;
|
||||
struct kvec *vec = &rqstp->rq_arg.head[0];
|
||||
- return cp >= (char*)vec->iov_base
|
||||
- && cp <= (char*)vec->iov_base + vec->iov_len;
|
||||
+ return cp == (char *)vec->iov_base + vec->iov_len;
|
||||
}
|
||||
|
||||
static inline int
|
||||
--
|
||||
2.9.3
|
||||
|
||||
--
|
||||
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
|
||||
the body of a message to majordomo@vger.kernel.org
|
||||
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
18
kernel.spec
18
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
%if 0%{?released_kernel}
|
||||
|
||||
# Do we have a -stable update to apply?
|
||||
%define stable_update 13
|
||||
%define stable_update 14
|
||||
# Set rpm version accordingly
|
||||
%if 0%{?stable_update}
|
||||
%define stablerev %{stable_update}
|
||||
|
@ -599,23 +599,11 @@ Patch849: 0001-iio-Use-event-header-from-kernel-tree.patch
|
|||
# selinux: allow context mounts on tmpfs, ramfs, devpts within user namespaces
|
||||
Patch852: selinux-allow-context-mounts-on-tmpfs-etc.patch
|
||||
|
||||
#CVE-2017-7277 rhbz 1436629 1436661
|
||||
Patch858: tcp-mark-skbs-with-SCM_TIMESTAMPING_OPT_STATS.patch
|
||||
|
||||
# CVE-2017-2671 rhbz 1436649 1436663
|
||||
Patch860: 0001-ping-implement-proper-locking.patch
|
||||
|
||||
Patch861: 0001-efi-libstub-Treat-missing-SecureBoot-variable-as-Sec.patch
|
||||
|
||||
#rhbz 1441310
|
||||
Patch863: rhbz_1441310.patch
|
||||
|
||||
# CVE-2017-7645 rhbz 1443615 1443617
|
||||
Patch866: CVE-2017-7645.patch
|
||||
|
||||
# CVE-2017-7477 rhbz 1445207 1445208
|
||||
Patch867: CVE-2017-7477.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -2185,6 +2173,10 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Wed May 03 2017 Justin M. Forbes <jforbes@fedoraproject.org> - 4.10.14-200
|
||||
- Linux v4.10.14
|
||||
- Fixes CVE-2017-7895 (rhbz 1446103 1446541)
|
||||
|
||||
* Thu Apr 27 2017 Justin M. Forbes <jforbes@fedoraproject.org> - 4.10.13-200
|
||||
- Linux v4.10.13
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1,3 +1,3 @@
|
|||
SHA512 (linux-4.10.tar.xz) = c3690125a8402df638095bd98a613fcf1a257b81de7611c84711d315cd11e2634ab4636302b3742aedf1e3ba9ce0fea53fe8c7d48e37865d8ee5db3565220d90
|
||||
SHA512 (perf-man-4.10.tar.gz) = 2c830e06f47211d70a8330961487af73a8bc01073019475e6b6131d3bb8c95658b77ca0ae5f1b44371accf103658bc5a3a4366b3e017a4088a8fd408dd6867e8
|
||||
SHA512 (patch-4.10.13.xz) = 8ada730b91ffd0ab35f619e2dd1b29cbcc090f94a2d8de04178af0b7e303abb5393090888506bf6f1f3899c27bbe50f132a42186193203fa1214130623b2e050
|
||||
SHA512 (patch-4.10.14.xz) = 0979d6a503ac1f094914f56c0aed9cbcd949f68b3cc649fe6664460b9da68cb80d024c40859864d17c97de25b77c02bf08f9ab04d00d636dd6e336f32f74cdd9
|
||||
|
|
|
@ -1,119 +0,0 @@
|
|||
From 4ef1b2869447411ad3ef91ad7d4891a83c1a509a Mon Sep 17 00:00:00 2001
|
||||
From: Soheil Hassas Yeganeh <soheil@google.com>
|
||||
Date: Sat, 18 Mar 2017 17:03:00 -0400
|
||||
Subject: [PATCH] tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
|
||||
|
||||
SOF_TIMESTAMPING_OPT_STATS can be enabled and disabled
|
||||
while packets are collected on the error queue.
|
||||
So, checking SOF_TIMESTAMPING_OPT_STATS in sk->sk_tsflags
|
||||
is not enough to safely assume that the skb contains
|
||||
OPT_STATS data.
|
||||
|
||||
Add a bit in sock_exterr_skb to indicate whether the
|
||||
skb contains opt_stats data.
|
||||
|
||||
Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING")
|
||||
Reported-by: JongHwan Kim <zzoru007@gmail.com>
|
||||
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
|
||||
Signed-off-by: Eric Dumazet <edumazet@google.com>
|
||||
Signed-off-by: Willem de Bruijn <willemb@google.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
include/linux/errqueue.h | 2 ++
|
||||
net/core/skbuff.c | 17 +++++++++++------
|
||||
net/socket.c | 2 +-
|
||||
3 files changed, 14 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/include/linux/errqueue.h b/include/linux/errqueue.h
|
||||
index 9ca23fc..6fdfc88 100644
|
||||
--- a/include/linux/errqueue.h
|
||||
+++ b/include/linux/errqueue.h
|
||||
@@ -20,6 +20,8 @@ struct sock_exterr_skb {
|
||||
struct sock_extended_err ee;
|
||||
u16 addr_offset;
|
||||
__be16 port;
|
||||
+ u8 opt_stats:1,
|
||||
+ unused:7;
|
||||
};
|
||||
|
||||
#endif
|
||||
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
|
||||
index b1fbd19..9f78109 100644
|
||||
--- a/net/core/skbuff.c
|
||||
+++ b/net/core/skbuff.c
|
||||
@@ -3793,16 +3793,20 @@ EXPORT_SYMBOL(skb_clone_sk);
|
||||
|
||||
static void __skb_complete_tx_timestamp(struct sk_buff *skb,
|
||||
struct sock *sk,
|
||||
- int tstype)
|
||||
+ int tstype,
|
||||
+ bool opt_stats)
|
||||
{
|
||||
struct sock_exterr_skb *serr;
|
||||
int err;
|
||||
|
||||
+ BUILD_BUG_ON(sizeof(struct sock_exterr_skb) > sizeof(skb->cb));
|
||||
+
|
||||
serr = SKB_EXT_ERR(skb);
|
||||
memset(serr, 0, sizeof(*serr));
|
||||
serr->ee.ee_errno = ENOMSG;
|
||||
serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING;
|
||||
serr->ee.ee_info = tstype;
|
||||
+ serr->opt_stats = opt_stats;
|
||||
if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) {
|
||||
serr->ee.ee_data = skb_shinfo(skb)->tskey;
|
||||
if (sk->sk_protocol == IPPROTO_TCP &&
|
||||
@@ -3843,7 +3847,7 @@ void skb_complete_tx_timestamp(struct sk_buff *skb,
|
||||
*/
|
||||
if (likely(atomic_inc_not_zero(&sk->sk_refcnt))) {
|
||||
*skb_hwtstamps(skb) = *hwtstamps;
|
||||
- __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND);
|
||||
+ __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND, false);
|
||||
sock_put(sk);
|
||||
}
|
||||
}
|
||||
@@ -3854,7 +3858,7 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
|
||||
struct sock *sk, int tstype)
|
||||
{
|
||||
struct sk_buff *skb;
|
||||
- bool tsonly;
|
||||
+ bool tsonly, opt_stats = false;
|
||||
|
||||
if (!sk)
|
||||
return;
|
||||
@@ -3867,9 +3871,10 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
|
||||
#ifdef CONFIG_INET
|
||||
if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS) &&
|
||||
sk->sk_protocol == IPPROTO_TCP &&
|
||||
- sk->sk_type == SOCK_STREAM)
|
||||
+ sk->sk_type == SOCK_STREAM) {
|
||||
skb = tcp_get_timestamping_opt_stats(sk);
|
||||
- else
|
||||
+ opt_stats = true;
|
||||
+ } else
|
||||
#endif
|
||||
skb = alloc_skb(0, GFP_ATOMIC);
|
||||
} else {
|
||||
@@ -3888,7 +3893,7 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
|
||||
else
|
||||
skb->tstamp = ktime_get_real();
|
||||
|
||||
- __skb_complete_tx_timestamp(skb, sk, tstype);
|
||||
+ __skb_complete_tx_timestamp(skb, sk, tstype, opt_stats);
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(__skb_tstamp_tx);
|
||||
|
||||
|
||||
diff --git a/net/socket.c b/net/socket.c
|
||||
index 02bd924..84e3f85 100644
|
||||
--- a/net/socket.c
|
||||
+++ b/net/socket.c
|
||||
@@ -697,7 +697,7 @@ void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
|
||||
put_cmsg(msg, SOL_SOCKET,
|
||||
SCM_TIMESTAMPING, sizeof(tss), &tss);
|
||||
|
||||
- if (skb->len && (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_STATS))
|
||||
+ if (skb->len && SKB_EXT_ERR(skb)->opt_stats)
|
||||
put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
|
||||
skb->len, skb->data);
|
||||
}
|
Loading…
Reference in New Issue