drop_monitor: Better sanitize notified packets

When working in 'packet' mode, drop monitor generates a notification with a potentially truncated payload of the dropped packet. The payload is copied from the MAC header, but I forgot to check that the MAC header was set, so do it now. Fixes: ca30707dee2b ("drop_monitor: Add packet alert mode") Fixes: 5e58109b1ea4 ("drop_monitor: Add support for packet alert mode for hardware drops") Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Ido Schimmel 2019-09-15 09:46:36 +0300
committer: David S. Miller 2019-09-16 21:39:27 +0200
commit: bef17466811b9f559d1dba3ebbfbd01a880c89a2 (patch)
tree: db3d398fe5737b425daebfbf7cccb46117cc3bec /net
parent: 58a406def4374c08d063ec9ff97da74a74e1a9bf (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index cc60cc22e2db..536e032d95c8 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -487,6 +487,9 @@ static void net_dm_packet_trace_kfree_skb_hit(void *ignore,
 	struct sk_buff *nskb;
 	unsigned long flags;
 
+	if (!skb_mac_header_was_set(skb))
+		return;
+
 	nskb = skb_clone(skb, GFP_ATOMIC);
 	if (!nskb)
 		return;
@@ -900,6 +903,9 @@ net_dm_hw_packet_probe(struct sk_buff *skb,
 	struct sk_buff *nskb;
 	unsigned long flags;
 
+	if (!skb_mac_header_was_set(skb))
+		return;
+
 	nskb = skb_clone(skb, GFP_ATOMIC);
 	if (!nskb)
 		return;
author	Ido Schimmel	2019-09-15 09:46:36 +0300
committer	David S. Miller	2019-09-16 21:39:27 +0200
commit	bef17466811b9f559d1dba3ebbfbd01a880c89a2 (patch)
tree	db3d398fe5737b425daebfbf7cccb46117cc3bec /net
parent	58a406def4374c08d063ec9ff97da74a74e1a9bf (diff)