drop_monitor: Better sanitize notified packets

When working in 'packet' mode, drop monitor generates a notification
with a potentially truncated payload of the dropped packet. The payload
is copied from the MAC header, but I forgot to check that the MAC header
was set, so do it now.

Fixes: ca30707dee2b ("drop_monitor: Add packet alert mode")
Fixes: 5e58109b1ea4 ("drop_monitor: Add support for packet alert mode for hardware drops")
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index cc60cc2..536e032 100644 (file)
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -487,6 +487,9 @@ static void net_dm_packet_trace_kfree_skb_hit(void *ignore,
        struct sk_buff *nskb;
        unsigned long flags;
 
+       if (!skb_mac_header_was_set(skb))
+               return;
+
        nskb = skb_clone(skb, GFP_ATOMIC);
        if (!nskb)
                return;
@@ -900,6 +903,9 @@ net_dm_hw_packet_probe(struct sk_buff *skb,
        struct sk_buff *nskb;
        unsigned long flags;
 
+       if (!skb_mac_header_was_set(skb))
+               return;
+
        nskb = skb_clone(skb, GFP_ATOMIC);
        if (!nskb)
                return;