!7001 fix CVE-2024-27010 (0bf80b78) · Commits · EulixOS / Software / Kernel

include/net/sch_generic.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -99,6 +99,8 @@ struct Qdisc {
		* for 32-bit kernel.
		*/
		struct rcu_head rcu;
		/* onwer will use 4 Bytes, and the space is enough.*/
		int owner;
		#endif
		/*
		* For performance sake on SMP, we put highly modified fields at the end

+6 −0

Original line number	Diff line number	Diff line
		@@ -3472,6 +3472,10 @@ static inline int __dev_xmit_skb(struct sk_buff skb, struct Qdisc q,
		return rc;
		}

		if (unlikely(READ_ONCE(q->owner) == smp_processor_id())) {
		kfree_skb(skb);
		return NET_XMIT_DROP;
		}
		/*
		* Heuristic to force contended enqueues to serialize on a
		* separate lock before trying to get qdisc main lock.
		@@ -3507,7 +3511,9 @@ static inline int __dev_xmit_skb(struct sk_buff skb, struct Qdisc q,
		qdisc_run_end(q);
		rc = NET_XMIT_SUCCESS;
		} else {
		WRITE_ONCE(q->owner, smp_processor_id());
		rc = q->enqueue(skb, q, &to_free) & NET_XMIT_MASK;
		WRITE_ONCE(q->owner, -1);
		if (qdisc_run_begin(q)) {
		if (unlikely(contended)) {
		spin_unlock(&q->busylock);

+1 −0

Original line number	Diff line number	Diff line
		@@ -881,6 +881,7 @@ struct Qdisc qdisc_alloc(struct netdev_queue dev_queue,
		sch->enqueue = ops->enqueue;
		sch->dequeue = ops->dequeue;
		sch->dev_queue = dev_queue;
		sch->owner = -1;
		dev_hold(dev);
		refcount_set(&sch->refcnt, 1);