* [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT
From: Antonio Quartulli @ 2014-02-11 10:26 UTC (permalink / raw)
To: b.a.t.m.a.n; +Cc: Antonio Quartulli
In the TX path we now have functions that rely on the
skb->mac_header field. DAT does not set such field when
creating its own ARP packets thus leading to wrong memory
access.
Fix it by always setting the mac_header after having forged
the ARP packet.
Reported-by: Russel Senior <russell@personaltelco.net>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
Tested-by: Russel Senior <russell@personaltelco.net>
---
distributed-arp-table.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/distributed-arp-table.c b/distributed-arp-table.c
index 6da587a..0b69b61 100644
--- a/distributed-arp-table.c
+++ b/distributed-arp-table.c
@@ -1028,6 +1028,11 @@ bool batadv_dat_snoop_incoming_arp_request(struct batadv_priv *bat_priv,
if (!skb_new)
goto out;
+ /* the rest of the TX path assumes that the mac_header offset pointing
+ * to the inner Ethernet header has been set, therefore reset it now.
+ */
+ skb_reset_mac_header(skb_new);
+
if (vid & BATADV_VLAN_HAS_TAG)
skb_new = vlan_insert_tag(skb_new, htons(ETH_P_8021Q),
vid & VLAN_VID_MASK);
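Review bot: The new comment above skb_reset_mac_header(skb_new) states what the TX path assumes but not why the reset has to sit before the VLAN block that follows it. vlan_insert_tag() pushes a tag in front of the frame, so the reset only yields the right offset if it runs while skb->data is still at the start of the Ethernet header of the forged ARP packet, and the tag insertion must then keep mac_header consistent; please say so in the comment so the ordering is not changed by accident later. The changelog says the mac_header is "always" set after forging the ARP packet, yet this hunk touches only batadv_dat_snoop_incoming_arp_request(); please confirm that no other DAT path hands a self-built ARP skb to the TX path without the same reset, or extend the patch. It would also help to name the consumer, the eth_hdr() call in batadv_send_skb_unicast() mentioned in the follow-up, and the introducing commit in the changelog itself.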
--
1.8.5.3
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT
From: Antonio Quartulli @ 2014-02-11 10:35 UTC (permalink / raw)
To: b.a.t.m.a.n
On 11/02/14 11:26, Antonio Quartulli wrote:
> In the TX path we now have functions that rely on the
> skb->mac_header field. DAT does not set such field when
> creating its own ARP packets thus leading to wrong memory
> access.
>
> Fix it by always setting the mac_header after having forged
> the ARP packet.
>
> Reported-by: Russel Senior <russell@personaltelco.net>
> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
> Tested-by: Russel Senior <russell@personaltelco.net>
This patch is supposed to be applied on maint.
Cheers,
--
Antonio Quartulli
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT
From: Antonio Quartulli @ 2014-02-11 10:58 UTC (permalink / raw)
To: b.a.t.m.a.n
On 11/02/14 11:35, Antonio Quartulli wrote:
> On 11/02/14 11:26, Antonio Quartulli wrote:
>> In the TX path we now have functions that rely on the
>> skb->mac_header field. DAT does not set such field when
>> creating its own ARP packets thus leading to wrong memory
>> access.
>>
>> Fix it by always setting the mac_header after having forged
>> the ARP packet.
>>
>> Reported-by: Russel Senior <russell@personaltelco.net>
>> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
>> Tested-by: Russel Senior <russell@personaltelco.net>
>
> This patch is supposed to be applied on maint.
Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb
("batman-adv: fix potential kernel paging error for unicast transmissions")
In this patch we have the introduction of eth_hdr() in
batadv_send_skb_unicast() which creates the problem.
Cheers,
--
Antonio Quartulli
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT
From: Marek Lindner @ 2014-02-11 12:08 UTC (permalink / raw)
To: b.a.t.m.a.n; +Cc: Antonio Quartulli
On Tuesday 11 February 2014 11:58:26 Antonio Quartulli wrote:
> On 11/02/14 11:35, Antonio Quartulli wrote:
> > On 11/02/14 11:26, Antonio Quartulli wrote:
> >> In the TX path we now have functions that rely on the
> >> skb->mac_header field. DAT does not set such field when
> >> creating its own ARP packets thus leading to wrong memory
> >> access.
> >>
> >> Fix it by always setting the mac_header after having forged
> >> the ARP packet.
> >>
> >> Reported-by: Russel Senior <russell@personaltelco.net>
> >> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
> >> Tested-by: Russel Senior <russell@personaltelco.net>
> >
> >
> >
> > This patch is supposed to be applied on maint.
>
> Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb
> ("batman-adv: fix potential kernel paging error for unicast transmissions")
Applied in revision df99b07.
Thanks,
Marek