From patchwork Mon Jan 20 10:00:19 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Linus_L=C3=BCssing?= <linus.luessing@web.de>
X-Patchwork-Id: 3745
Return-Path: <linus.luessing@web.de>
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=212.227.15.3;
	helo=mout.web.de; envelope-from=linus.luessing@web.de;
	receiver=b.a.t.m.a.n@lists.open-mesh.org
Received: from mout.web.de (mout.web.de [212.227.15.3])
	by open-mesh.org (Postfix) with ESMTPS id 82EB96022D2
	for <b.a.t.m.a.n@lists.open-mesh.org>;
	Mon, 20 Jan 2014 10:59:58 +0100 (CET)
Received: from localhost ([95.211.148.154]) by smtp.web.de (mrweb002) with
	ESMTPSA (Nemesis) id 0MX0q4-1Vqlvk3Ync-00Vuvr for
	<b.a.t.m.a.n@lists.open-mesh.org>; Mon, 20 Jan 2014 10:59:58 +0100
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@web.de>
To: b.a.t.m.a.n@lists.open-mesh.org
Date: Mon, 20 Jan 2014 11:00:19 +0100
Message-Id: <1390212019-9681-1-git-send-email-linus.luessing@web.de>
X-Mailer: git-send-email 1.8.5.2
MIME-Version: 1.0
X-Provags-ID: V03:K0:h6nepOkB3+WQVI09pta5M3GwBAsc/9hB9gDykMqKkTDEF3qiwtg
	etns1J0ZayvXR1re/hGOl+YrRtIjTcgl3/GNgeMfDMqlc0j9XOpTY6jTB3RV8+cLhXTUO/T
	8ETzx4wddrZqf8sOXoOSiVzi5fCtSX6frFYmpErTh4Zjcv6GPE7WNDJzXuCLp/K6DcZKPYH
	Lmk8Eol4XCOm3+yc4fWbg==
Subject: [B.A.T.M.A.N.] [PATCHv3 maint] batman-adv: fix potential kernel
	paging error for unicast transmissions
X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n@lists.open-mesh.org>
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n.lists.open-mesh.org>
List-Unsubscribe: <https://lists.open-mesh.org/mm/options/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=unsubscribe>
List-Archive: <http://lists.open-mesh.org/pipermail/b.a.t.m.a.n/>
List-Post: <mailto:b.a.t.m.a.n@lists.open-mesh.org>
List-Help: <mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=help>
List-Subscribe: <https://lists.open-mesh.org/mm/listinfo/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2014 09:59:58 -0000

batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's
data. If it does then our ethhdr pointer is not valid anymore in
batadv_send_skb_unicast(), resulting in a kernel paging error.

Fixing this by refetching the ethhdr pointer after the potential
reallocation.

Introduced-by: b46c60b9e1ee7a1909c542413a85875a750955d6
("batman-adv: improve unicast packet (re)routing")

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
Changes v3:
* now rebased on maint
* added "Introduced-by"
* removed "NOTE TO..." paragraph
  (still can't be applied as is to kernels < 3.9)

 send.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/send.c b/send.c
index b0a3d76..50df184 100644
--- a/send.c
+++ b/send.c
@@ -281,6 +281,10 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
 		goto out;
 	}
 
+	/* skb->data might have been reallocated by
+	 * batadv_send_skb_prepare_unicast*
+	 */
+	ethhdr = eth_hdr(skb);
 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 
 	/* inform the destination node that we are still missing a correct route