batman-adv: Update pointer to ethhdr after skb_copy
Commit Message
We must ensure that all pointer to a socket buffer are updated when we
copy a socket buffer and free our reference to the old one.
Another part of the kernel could also free its reference which maybe
removes the buffer completely. In that situation we would would feed
wrong information to the routing algorithm after the memory area is
written again by someone else.
Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
---
batman-adv-kernelland/routing.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
Comments
On Monday 26 April 2010 07:24:13 Sven Eckelmann wrote:
> We must ensure that all pointer to a socket buffer are updated when we
> copy a socket buffer and free our reference to the old one.
> Another part of the kernel could also free its reference which maybe
> removes the buffer completely. In that situation we would would feed
> wrong information to the routing algorithm after the memory area is
> written again by someone else.
Good catch !
> @@ -960,6 +963,7 @@ int recv_icmp_packet(struct sk_buff *skb)
> if (!skb)
> return NET_RX_DROP;
> icmp_packet = (struct icmp_packet_rr *)skb->data;
> + ethhdr = (struct ethhdr *)skb_mac_header(skb);
> kfree_skb(skb_old);
> }
>
> @@ -1106,6 +1110,7 @@ int recv_unicast_packet(struct sk_buff *skb)
> if (!skb)
> return NET_RX_DROP;
> unicast_packet = (struct unicast_packet *) skb->data;
> + ethhdr = (struct ethhdr *)skb_mac_header(skb);
> kfree_skb(skb_old);
> }
I was about to commit your patch when I fell over these last 2 changes. I
can't see why we need them. What did I miss ?
Regards,
Marek
Marek Lindner wrote:
> > @@ -1106,6 +1110,7 @@ int recv_unicast_packet(struct sk_buff *skb)
> >
> > if (!skb)
> >
> > return NET_RX_DROP;
> >
> > unicast_packet = (struct unicast_packet *) skb->data;
> >
> > + ethhdr = (struct ethhdr *)skb_mac_header(skb);
> >
> > kfree_skb(skb_old);
> >
> > }
>
> I was about to commit your patch when I fell over these last 2 changes. I
> can't see why we need them. What did I miss ?
They are not really needed, but just wanted to have them in for later usage
and to have it more consistent (otherwise copy and paste easily leads to funny
effects for some people which cannot be reproduced by the maintainers). So it
could be removed in recv_icmp_packet and recv_unicast_packet if you prefer it.
Best regards,
Sven
On Monday 26 April 2010 17:24:13 Sven Eckelmann wrote:
> They are not really needed, but just wanted to have them in for later
> usage and to have it more consistent (otherwise copy and paste easily
> leads to funny effects for some people which cannot be reproduced by the
> maintainers). So it could be removed in recv_icmp_packet and
> recv_unicast_packet if you prefer it.
Ok, I somehow figured that this was meant to combat copy & paste but I wanted
to make sure. :-)
Your patch was applied in revision 1640.
Thanks,
Marek
@@ -747,6 +747,7 @@ int recv_bat_packet(struct sk_buff *skb,
skb = skb_copy(skb, GFP_ATOMIC);
if (!skb)
return NET_RX_DROP;
+ ethhdr = (struct ethhdr *)skb_mac_header(skb);
kfree_skb(skb_old);
}
@@ -805,6 +806,7 @@ static int recv_my_icmp_packet(struct sk_buff *skb, size_t icmp_len)
if (!skb)
return NET_RX_DROP;
icmp_packet = (struct icmp_packet_rr *)skb->data;
+ ethhdr = (struct ethhdr *)skb_mac_header(skb);
kfree_skb(skb_old);
}
@@ -865,6 +867,7 @@ static int recv_icmp_ttl_exceeded(struct sk_buff *skb, size_t icmp_len)
if (!skb)
return NET_RX_DROP;
icmp_packet = (struct icmp_packet *) skb->data;
+ ethhdr = (struct ethhdr *)skb_mac_header(skb);
kfree_skb(skb_old);
}
@@ -960,6 +963,7 @@ int recv_icmp_packet(struct sk_buff *skb)
if (!skb)
return NET_RX_DROP;
icmp_packet = (struct icmp_packet_rr *)skb->data;
+ ethhdr = (struct ethhdr *)skb_mac_header(skb);
kfree_skb(skb_old);
}
@@ -1106,6 +1110,7 @@ int recv_unicast_packet(struct sk_buff *skb)
if (!skb)
return NET_RX_DROP;
unicast_packet = (struct unicast_packet *) skb->data;
+ ethhdr = (struct ethhdr *)skb_mac_header(skb);
kfree_skb(skb_old);
}