From patchwork Sun Mar 14 17:15:55 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 24 Return-Path: Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by open-mesh.net (Postfix) with SMTP id 97D19154327 for ; Sun, 14 Mar 2010 18:16:26 +0100 (CET) Received: (qmail invoked by alias); 14 Mar 2010 17:16:04 -0000 Received: from unknown (EHLO sven-desktop.lazhur.ath.cx) [89.246.200.130] by mail.gmx.net (mp047) with SMTP; 14 Mar 2010 18:16:04 +0100 X-Authenticated: #15668376 X-Provags-ID: V01U2FsdGVkX1+T9KNbwxqTGICc7qQwyExj7uHhweJHKXTwrJzXN6 klh+cnIpdHjCwk From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Sun, 14 Mar 2010 18:15:55 +0100 Message-Id: <1268586955-29220-1-git-send-email-sven.eckelmann@gmx.de> X-Mailer: git-send-email 1.7.0 In-Reply-To: <20100314155025.GA18908@sven-atom.lazhur.ath.cx> References: <20100314155025.GA18908@sven-atom.lazhur.ath.cx> X-Y-GMX-Trusted: 0 X-FuHaFi: 0.46000000000000002 Subject: [B.A.T.M.A.N.] [PATCHv2] batman-adv: Clone shared bat packets before modifying them X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.11 Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Mar 2010 17:16:26 -0000 "tcpdump" and "batctl td" will receive packets with a wrong sequence number on systems with a different endianess than network byte order. This happens due to the reordering of bytes in the function which handles aggregated bat packets. The function which receives the bat packets must ensure that these buffers aren't shared with anything else before that function tries to write into it. Otherwise it has to copy the buffers so it is save again to change them. Reported-by: Kevin Steen Signed-off-by: Sven Eckelmann --- batman-adv-kernelland/routing.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/batman-adv-kernelland/routing.c b/batman-adv-kernelland/routing.c index 8610b22..0051259 100644 --- a/batman-adv-kernelland/routing.c +++ b/batman-adv-kernelland/routing.c @@ -680,6 +680,7 @@ int recv_bat_packet(struct sk_buff *skb, { struct ethhdr *ethhdr; unsigned long flags; + struct sk_buff *skb_old; /* drop packet if it has not necessary minimum size */ if (skb_headlen(skb) < sizeof(struct batman_packet)) @@ -695,12 +696,19 @@ int recv_bat_packet(struct sk_buff *skb, if (is_bcast(ethhdr->h_source)) return NET_RX_DROP; - spin_lock_irqsave(&orig_hash_lock, flags); /* TODO: we use headlen instead of "length", because * only this data is paged in. */ - /* TODO: is another skb_copy needed here? there will be - * written on the data, but nobody (?) should further use - * this data */ + + /* create a copy of the skb, if needed, to modify it. */ + if (!skb_clone_writable(skb, skb_headlen(skb))) { + skb_old = skb; + skb = skb_copy(skb, GFP_ATOMIC); + if (!skb) + return NET_RX_DROP; + kfree_skb(skb_old); + } + + spin_lock_irqsave(&orig_hash_lock, flags); receive_aggr_bat_packet(ethhdr, skb->data, skb_headlen(skb),