diff mbox

[v4,maint] batman-adv: fix potential kernel paging error for unicast transmissions

Message ID 1390212404-9726-1-git-send-email-linus.luessing@web.de (mailing list archive)
State Accepted, archived
Headers

Commit Message

Linus Lüssing Jan. 20, 2014, 10:06 a.m. UTC 
  batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's
data. If it does then our ethhdr pointer is not valid anymore in
batadv_send_skb_unicast(), resulting in a kernel paging error.

Fixing this by refetching the ethhdr pointer after the potential
reallocation.

Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6
("batman-adv: improve unicast packet (re)routing")

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
Changes v4:
* "s/Introduced-by:/Introduced by/" to make checkpatch happy

 send.c |    4 ++++
 1 file changed, 4 insertions(+)

Comments

Antonio Quartulli Jan. 20, 2014, 3:07 p.m. UTC | #1 
On 20/01/14 11:06, Linus Lüssing wrote:
> batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's
> data. If it does then our ethhdr pointer is not valid anymore in
> batadv_send_skb_unicast(), resulting in a kernel paging error.
> 
> Fixing this by refetching the ethhdr pointer after the potential
> reallocation.
> 
> Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6
> ("batman-adv: improve unicast packet (re)routing")
> 
> Signed-off-by: Linus Lüssing <linus.luessing@web.de>

Acked-by: Antonio Quartulli <antonio@meshcoding.com>

> ---
> Changes v4:
> * "s/Introduced-by:/Introduced by/" to make checkpatch happy
> 
>  send.c |    4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/send.c b/send.c
> index b0a3d76..50df184 100644
> --- a/send.c
> +++ b/send.c
> @@ -281,6 +281,10 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
>  		goto out;
>  	}
>  
> +	/* skb->data might have been reallocated by
> +	 * batadv_send_skb_prepare_unicast*
> +	 */
> +	ethhdr = eth_hdr(skb);
>  	unicast_packet = (struct batadv_unicast_packet *)skb->data;
>  
>  	/* inform the destination node that we are still missing a correct route
>
Marek Lindner Jan. 27, 2014, 7:45 a.m. UTC | #2 
On Monday 20 January 2014 16:07:53 Antonio Quartulli wrote:
> On 20/01/14 11:06, Linus Lüssing wrote:
> > batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's
> > data. If it does then our ethhdr pointer is not valid anymore in
> > batadv_send_skb_unicast(), resulting in a kernel paging error.
> >
> > 
> >
> > Fixing this by refetching the ethhdr pointer after the potential
> > reallocation.
> >
> > 
> >
> > Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6
> > ("batman-adv: improve unicast packet (re)routing")
> >
> > 
> >
> > Signed-off-by: Linus Lüssing <linus.luessing@web.de>
> 
> Acked-by: Antonio Quartulli <antonio@meshcoding.com>

Applied in revision 41b3872.

Thanks,
Marek
diff mbox

Patch

diff --git a/send.c b/send.c
index b0a3d76..50df184 100644
--- a/send.c
+++ b/send.c
@@ -281,6 +281,10 @@  static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
 		goto out;
 	}
 
+	/* skb->data might have been reallocated by
+	 * batadv_send_skb_prepare_unicast*
+	 */
+	ethhdr = eth_hdr(skb);
 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 
 	/* inform the destination node that we are still missing a correct route