[Devel] [PATCH RHEL7 COMMIT] ms/drop_monitor: Better sanitize notified packets

[Konstantin Khorenko]

The commit is pushed to "branch-rh7-3.10.0-1160.108.1.vz7.221.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.108.1.vz7.221.2
------>
commit 411a6428e2764df4b101f35bbb03d257d053b17f
Author: Ido Schimmel <idosch at mellanox.com>
Date:   Sun Sep 15 09:46:36 2019 +0300

    ms/drop_monitor: Better sanitize notified packets
    
    When working in 'packet' mode, drop monitor generates a notification
    with a potentially truncated payload of the dropped packet. The payload
    is copied from the MAC header, but I forgot to check that the MAC header
    was set, so do it now.
    
    mFixes: ca30707dee2b ("drop_monitor: Add packet alert mode")
    mFixes: 5e58109b1ea4 ("drop_monitor: Add support for packet alert mode for hardware drops")
    Acked-by: Jiri Pirko <jiri at mellanox.com>
    Signed-off-by: Ido Schimmel <idosch at mellanox.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>
    
    Porting notice:
      - hunk in net_dm_hw_packet_probe() has been dropped, vz7 lacks that
        function
    
    https://virtuozzo.atlassian.net/browse/PSBM-153598
    (cherry picked from commit bef17466811b9f559d1dba3ebbfbd01a880c89a2)
    Ported-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 net/core/drop_monitor.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index b4382517e9a3..65ce1cadd348 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -272,6 +272,9 @@ static void net_dm_packet_trace_kfree_skb_hit(void *ignore,
 	struct sk_buff *nskb;
 	unsigned long flags;
 
+	if (!skb_mac_header_was_set(skb))
+		return;
+
 	nskb = skb_clone(skb, GFP_ATOMIC);
 	if (!nskb)
 		return;