From bef17466811b9f559d1dba3ebbfbd01a880c89a2 Mon Sep 17 00:00:00 2001
From: Ido Schimmel <idosch@mellanox.com>
Date: Sun, 15 Sep 2019 09:46:36 +0300
Subject: [PATCH] drop_monitor: Better sanitize notified packets

When working in 'packet' mode, drop monitor generates a notification
with a potentially truncated payload of the dropped packet. The payload
is copied from the MAC header, but I forgot to check that the MAC header
was set, so do it now.

Fixes: ca30707dee2b ("drop_monitor: Add packet alert mode")
Fixes: 5e58109b1ea4 ("drop_monitor: Add support for packet alert mode for hardware drops")
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/core/drop_monitor.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index cc60cc22e2db..536e032d95c8 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -487,6 +487,9 @@ static void net_dm_packet_trace_kfree_skb_hit(void *ignore,
 	struct sk_buff *nskb;
 	unsigned long flags;
 
+	if (!skb_mac_header_was_set(skb))
+		return;
+
 	nskb = skb_clone(skb, GFP_ATOMIC);
 	if (!nskb)
 		return;
@@ -900,6 +903,9 @@ net_dm_hw_packet_probe(struct sk_buff *skb,
 	struct sk_buff *nskb;
 	unsigned long flags;
 
+	if (!skb_mac_header_was_set(skb))
+		return;
+
 	nskb = skb_clone(skb, GFP_ATOMIC);
 	if (!nskb)
 		return;
-- 
2.11.0