b.a.t.m.a.n.lists.open-mesh.org archive mirror
From: Andrew Lunn <andrew@lunn.ch>
To: greg@kroah.com
Cc: Marek Lindner <lindner_marek@yahoo.de>, b.a.t.m.a.n@lists.open-mesh.net
Subject: [B.A.T.M.A.N.] [PATCH 22/26] Staging: batman-adv: Update pointer to ethhdr after skb_copy
Date: Fri,  7 May 2010 21:47:27 +0200
Message-ID: <1273261651-21378-23-git-send-email-andrew@lunn.ch>
In-Reply-To: <1273261651-21378-1-git-send-email-andrew@lunn.ch>

From: Sven Eckelmann <sven.eckelmann@gmx.de>

We must ensure that all pointers to a socket buffer are updated when we
copy a socket buffer and free our reference to the old one.
Another part of the kernel could also free its reference which maybe
removes the buffer completely. In that situation we would feed
wrong information to the routing algorithm after the memory area is
written again by someone else.

Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
---
 drivers/staging/batman-adv/routing.c |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/staging/batman-adv/routing.c b/drivers/staging/batman-adv/routing.c
index bf67059..919a4f8 100644
--- a/drivers/staging/batman-adv/routing.c
+++ b/drivers/staging/batman-adv/routing.c
@@ -614,6 +614,7 @@ int recv_bat_packet(struct sk_buff *skb,
 		skb = skb_copy(skb, GFP_ATOMIC);
 		if (!skb)
 			return NET_RX_DROP;
+		ethhdr = (struct ethhdr *)skb_mac_header(skb);
 		kfree_skb(skb_old);
 	}
 
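Review bot: In recv_bat_packet only ethhdr is re-derived after skb_copy(), while the ICMP and unicast hunks in this patch also reassign their skb->data pointer at the same point. If any pointer into skb->data is taken before this block, it needs the same refresh before kfree_skb(skb_old); if none is, a one-line comment saying so would make the asymmetry obviously intentional.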
@@ -639,8 +640,8 @@ static int recv_my_icmp_packet(struct sk_buff *skb)
 	unsigned long flags;
 	uint8_t dstaddr[ETH_ALEN];
 
-	icmp_packet = (struct icmp_packet *) skb->data;
-	ethhdr = (struct ethhdr *) skb_mac_header(skb);
+	icmp_packet = (struct icmp_packet *)skb->data;
+	ethhdr = (struct ethhdr *)skb_mac_header(skb);
 
 	/* add data to device queue */
 	if (icmp_packet->msg_type != ECHO_REQUEST) {
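Review bot: The two changed lines at the top of recv_my_icmp_packet only drop the space after the cast and have no functional effect. Mixing this cleanup into a fix for a stale pointer makes the patch harder to review and to backport; the cast-spacing changes would be better carried in a separate cleanup patch.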
@@ -671,7 +672,9 @@ static int recv_my_icmp_packet(struct sk_buff *skb)
 			skb = skb_copy(skb, GFP_ATOMIC);
 			if (!skb)
 				return NET_RX_DROP;
-			icmp_packet = (struct icmp_packet *) skb->data;
+
+			icmp_packet = (struct icmp_packet *)skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 
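Review bot: The added empty line after `return NET_RX_DROP;` in this copy block is not present in the same block in the other functions touched here, so the blocks now differ for no reason; drop it. Since the ordering matters (both pointers must be reassigned before kfree_skb(skb_old) releases the old buffer), a short comment above the reassignments stating that every pointer into the old buffer has to be re-derived would help whoever adds the next one.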
@@ -732,6 +735,7 @@ static int recv_icmp_ttl_exceeded(struct sk_buff *skb)
 			if (!skb)
 				return NET_RX_DROP;
 			icmp_packet = (struct icmp_packet *) skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 
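Review bot: The context line `icmp_packet = (struct icmp_packet *) skb->data;` in recv_icmp_ttl_exceeded keeps the spaced cast, while the new ethhdr line directly below it and the other hunks use the unspaced form. Either normalise this line too or leave the cast style alone throughout, so the file does not end up with both styles on adjacent lines.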
@@ -780,7 +784,7 @@ int recv_icmp_packet(struct sk_buff *skb)
 	if (!is_my_mac(ethhdr->h_dest))
 		return NET_RX_DROP;
 
-	icmp_packet = (struct icmp_packet *) skb->data;
+	icmp_packet = (struct icmp_packet *)skb->data;
 
 	/* packet for me */
 	if (is_my_mac(icmp_packet->dst))
@@ -812,7 +816,8 @@ int recv_icmp_packet(struct sk_buff *skb)
 			skb = skb_copy(skb, GFP_ATOMIC);
 			if (!skb)
 				return NET_RX_DROP;
-			icmp_packet = (struct icmp_packet *) skb->data;
+			icmp_packet = (struct icmp_packet *)skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 
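Review bot: On the `if (!skb) return NET_RX_DROP;` path, skb has already been overwritten with the NULL result and skb_old is not released in the lines shown. That is only correct if the caller still holds the original buffer and frees it when it sees NET_RX_DROP; please confirm that, or free skb_old before returning. The same question applies to each copy block in this patch.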
@@ -895,7 +900,8 @@ int recv_unicast_packet(struct sk_buff *skb)
 			skb = skb_copy(skb, GFP_ATOMIC);
 			if (!skb)
 				return NET_RX_DROP;
-			unicast_packet = (struct unicast_packet *) skb->data;
+			unicast_packet = (struct unicast_packet *)skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 		/* decrement ttl */
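Review bot: With this hunk the sequence of skb_copy(), NULL check, pointer reassignment and kfree_skb(skb_old) appears in five places in the patch, and the bug being fixed is exactly those places not refreshing one of the pointers. Consider moving the copy-and-release into one helper and re-deriving ethhdr and the packet pointer from skb immediately after the block, so a newly added pointer cannot be missed at a single site.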
-- 
1.7.1

