Netdev Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] drivers/net/wan/lapbether.c: Fixed kernel panic when used with AF_PACKET sockets
@ 2020-05-28  3:21 Xie He
  2020-06-01 18:32 ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: Xie He @ 2020-05-28  3:21 UTC (permalink / raw)
  To: David S. Miller, Jakub Kicinski, Madhuparna Bhowmik, Xie He,
	netdev, linux-kernel

When we use "AF_PACKET" sockets to send data directly over LAPB over
Ethernet using this driver, the kernel will panic because of
insufficient header space allocated in the "sk_buff" struct.

The header space needs 18 bytes because:
  the lapbether driver will remove a pseudo header of 1 byte;
  the lapb module will prepend the LAPB header of 2 or 3 bytes;
  the lapbether driver will prepend a length field of 2 bytes and the
Ethernet header of 14 bytes.

So -1 + 3 + 16 = 18.

Signed-off-by: Xie He <hexie3605@gmail.com>
---
 drivers/net/wan/lapbether.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c
index e30d91a38cfb..619413f5d432 100644
--- a/drivers/net/wan/lapbether.c
+++ b/drivers/net/wan/lapbether.c
@@ -303,7 +303,8 @@ static void lapbeth_setup(struct net_device *dev)
 	dev->netdev_ops	     = &lapbeth_netdev_ops;
 	dev->needs_free_netdev = true;
 	dev->type            = ARPHRD_X25;
-	dev->hard_header_len = 3;
+	/* 18 = -1 (lapbether) + 3 (lapb) + 16 (lapbether) */
+	dev->hard_header_len = 18;
 	dev->mtu             = 1000;
 	dev->addr_len        = 0;
 }
-- 
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] drivers/net/wan/lapbether.c: Fixed kernel panic when used with AF_PACKET sockets
  2020-05-28  3:21 [PATCH] drivers/net/wan/lapbether.c: Fixed kernel panic when used with AF_PACKET sockets Xie He
@ 2020-06-01 18:32 ` David Miller
  2020-06-30 16:01   ` Xie He
  0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2020-06-01 18:32 UTC (permalink / raw)
  To: hexie3605; +Cc: kuba, madhuparnabhowmik04, netdev, linux-kernel

From: Xie He <hexie3605@gmail.com>
Date: Wed, 27 May 2020 20:21:33 -0700

> When we use "AF_PACKET" sockets to send data directly over LAPB over
> Ethernet using this driver, the kernel will panic because of
> insufficient header space allocated in the "sk_buff" struct.
> 
> The header space needs 18 bytes because:
>   the lapbether driver will remove a pseudo header of 1 byte;
>   the lapb module will prepend the LAPB header of 2 or 3 bytes;
>   the lapbether driver will prepend a length field of 2 bytes and the
> Ethernet header of 14 bytes.
> 
> So -1 + 3 + 16 = 18.
> 
> Signed-off-by: Xie He <hexie3605@gmail.com>

This is not the real problem.

The real problem is that this is a stacked, layered, device and the
lapbether driver does not take the inner device's header length into
consideration.  It should take this from the child device's netdev
structure rather than use constants.

Your test case will still fail when lapbether is stacked on top of a
VLAN device or similar, even with your changes.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] drivers/net/wan/lapbether.c: Fixed kernel panic when used with AF_PACKET sockets
  2020-06-01 18:32 ` David Miller
@ 2020-06-30 16:01   ` Xie He
  0 siblings, 0 replies; 3+ messages in thread
From: Xie He @ 2020-06-30 16:01 UTC (permalink / raw)
  To: David Miller; +Cc: Jakub Kicinski, Madhuparna Bhowmik, netdev, linux-kernel

From: David Miller <davem@davemloft.net>
Date: Mon, Jun 1, 2020 at 11:32 AM -0700
>
> From: Xie He <hexie3605@gmail.com>
> Date: Wed, 27 May 2020 20:21:33 -0700
>
> > When we use "AF_PACKET" sockets to send data directly over LAPB over
> > Ethernet using this driver, the kernel will panic because of
> > insufficient header space allocated in the "sk_buff" struct.
> >
> > The header space needs 18 bytes because:
> >   the lapbether driver will remove a pseudo header of 1 byte;
> >   the lapb module will prepend the LAPB header of 2 or 3 bytes;
> >   the lapbether driver will prepend a length field of 2 bytes and the
> > Ethernet header of 14 bytes.
> >
> > So -1 + 3 + 16 = 18.
> >
> > Signed-off-by: Xie He <hexie3605@gmail.com>
>
> This is not the real problem.
>
> The real problem is that this is a stacked, layered, device and the
> lapbether driver does not take the inner device's header length into
> consideration.  It should take this from the child device's netdev
> structure rather than use constants.
>
> Your test case will still fail when lapbether is stacked on top of a
> VLAN device or similar, even with your changes.

Thank you for your email! I'm sorry I didn't see your email previously
because of problems with my mailbox.

Yes, you are right. I'll use better ways to improve this and re-submit
my patch. Thanks for pointing this out.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-28  3:21 [PATCH] drivers/net/wan/lapbether.c: Fixed kernel panic when used with AF_PACKET sockets Xie He
2020-06-01 18:32 ` David Miller
2020-06-30 16:01   ` Xie He

Netdev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netdev/0 netdev/git/0.git
	git clone --mirror https://lore.kernel.org/netdev/1 netdev/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netdev netdev/ https://lore.kernel.org/netdev \
		netdev@vger.kernel.org
	public-inbox-index netdev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netdev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git