From: Sven Eckelmann <sven.eckelmann@gmx.de>
To: greg@kroah.com
Cc: b.a.t.m.a.n@lists.open-mesh.org, Marek Lindner <lindner_marek@yahoo.de>
Subject: [B.A.T.M.A.N.] [PATCH 1/2] Staging: batman-adv: ensure that eth_type_trans gets linear memory
Date: Mon, 22 Nov 2010 12:34:49 +0100 [thread overview]
Message-ID: <1290425690-5119-3-git-send-email-sven.eckelmann@gmx.de> (raw)
In-Reply-To: <201011221129.06220.sven.eckelmann@gmx.de>
From: Marek Lindner <lindner_marek@yahoo.de>
eth_type_trans tries to pull data with the length of the ethernet header
from the skb. We only ensured that enough data for the first ethernet
header and the batman header is available in non-paged memory of the skb
and not for the ethernet after the batman header.
eth_type_trans would fail sometimes with drivers which don't ensure that
all there data is perfectly linearised.
The failure was noticed through a kernel bug Oops generated by the
skb_pull inside eth_type_trans.
Reported-by: Rafal Lesniak <lesniak@eresi-project.org>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
---
The same patch was also submitted for 2.6.38 and it is also possible
to merge that patch in 2.6.37 and then merge 2.6.37 in 2.6.28
drivers/staging/batman-adv/soft-interface.c | 14 ++++++++++----
1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/staging/batman-adv/soft-interface.c b/drivers/staging/batman-adv/soft-interface.c
index 3904db9..0e99618 100644
--- a/drivers/staging/batman-adv/soft-interface.c
+++ b/drivers/staging/batman-adv/soft-interface.c
@@ -194,14 +194,15 @@ void interface_rx(struct net_device *soft_iface,
struct bat_priv *priv = netdev_priv(soft_iface);
/* check if enough space is available for pulling, and pull */
- if (!pskb_may_pull(skb, hdr_size)) {
- kfree_skb(skb);
- return;
- }
+ if (!pskb_may_pull(skb, hdr_size))
+ goto dropped;
+
skb_pull_rcsum(skb, hdr_size);
/* skb_set_mac_header(skb, -sizeof(struct ethhdr));*/
/* skb->dev & skb->pkt_type are set here */
+ if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
+ goto dropped;
skb->protocol = eth_type_trans(skb, soft_iface);
/* should not be neccesary anymore as we use skb_pull_rcsum()
@@ -216,6 +217,11 @@ void interface_rx(struct net_device *soft_iface,
soft_iface->last_rx = jiffies;
netif_rx(skb);
+ return;
+
+dropped:
+ kfree_skb(skb);
+ return;
}
#ifdef HAVE_NET_DEVICE_OPS
--
1.7.2.3
next prev parent reply other threads:[~2010-11-22 11:34 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-21 23:55 [B.A.T.M.A.N.] batman-adv for 2.6.38 (1) Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 01/29] Staging: batman-adv: Replace Andrew Lunn as Staging maintainer Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 02/29] Staging: batman-adv: ensure that eth_type_trans gets linear memory Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 03/29] Staging: batman-adv: Add new sysfs files to README Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 04/29] Staging: batman-adv: Don't remove interface with spinlock held Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 05/29] Staging: batman-adv: convert batman_if custom refcounting to kref functions Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 06/29] Staging: batman-adv: use rcu callbacks when freeing batman_if Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 07/29] Staging: batman-adv: restructure fragmentation to handle batman unicast packets Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 08/29] Staging: batman-adv: add frag_ prefix to all fragmentation related functions Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 09/29] Staging: batman-adv: move skb reassembly of fragmented packets into dedicated function Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 10/29] Staging: batman-adv: remove redundant is_my_mac() check in route_unicast_packet Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 11/29] Staging: batman-adv: fragment forwarded packets Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 12/29] Staging: batman-adv: reassemble fragmented skb if mtu allows it Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 13/29] Staging: batman-adv: softif bridge loop avoidance Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 14/29] Staging: batman-adv: Unify sysfs file names with their bat_priv atomics Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 15/29] Staging: batman-adv: Wrapper functions for sysfs storing Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 16/29] Staging: batman-adv: Ommit storing struct device in sysfs functions Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 17/29] Staging: batman-adv: Make hop_penalty configurable via sysfs Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 18/29] Staging: batman-adv: Remove hashdata_compare_cb from hash Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 19/29] Staging: batman-adv: Remove hashdata_choose_cb " Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 20/29] Staging: batman-adv: Move hash callback related function to header Sven Eckelmann
2010-11-21 23:55 ` [B.A.T.M.A.N.] [PATCH 21/29] Staging: batman-adv: Make hash_iterate inlineable Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 22/29] Staging: batman-adv: Rewrite hash using hlist_* Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 23/29] Staging: batman-adv: Limit spin_locks to spin_lock_bh Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 24/29] Staging: batman-adv: adding gateway functionality Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 25/29] Staging: batman-adv: send DHCP requests directly to the chosen gw Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 26/29] Staging: batman-adv: best gw DHCP filter 802.1Q support Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 27/29] Staging: batman-adv: add gateway IPv6 support by filtering DHCPv6 messages Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 28/29] Staging: batman-adv: Use kernel version min macro Sven Eckelmann
2010-11-21 23:56 ` [B.A.T.M.A.N.] [PATCH 29/29] Staging: batman-adv: Use kernel functions to identify broadcasts Sven Eckelmann
2010-11-22 1:06 ` [B.A.T.M.A.N.] batman-adv for 2.6.38 (1) Marek Lindner
2010-11-22 10:28 ` Sven Eckelmann
2010-11-22 11:34 ` [B.A.T.M.A.N.] Staging: batman-adv for 2.6.37 (6) Sven Eckelmann
2010-11-29 18:55 ` Greg KH
2010-11-22 11:34 ` [B.A.T.M.A.N.] [PATCH-stable] Staging: batman-adv: ensure that eth_type_trans gets linear memory Sven Eckelmann
2010-11-22 11:34 ` Sven Eckelmann [this message]
2010-11-22 11:34 ` [B.A.T.M.A.N.] [PATCH 2/2] Staging: batman-adv: Don't remove interface with spinlock held Sven Eckelmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1290425690-5119-3-git-send-email-sven.eckelmann@gmx.de \
--to=sven.eckelmann@gmx.de \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
--cc=greg@kroah.com \
--cc=lindner_marek@yahoo.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).