From patchwork Sun Nov 30 10:36:27 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Philipp Psurek
X-Patchwork-Id: 4253
Message-ID: <1417343787.5442.20.camel@katze>
From: Philipp Psurek
To: Martin Hundebøll
Date: Sun, 30 Nov 2014 11:36:27 +0100
In-Reply-To: <5474CCF8.9030008@hundeboll.net>
References: <1416938767-29156-1-git-send-email-sven@narfation.org> <5474CCF8.9030008@hundeboll.net>
Cc: b.a.t.m.a.n@lists.open-mesh.org
Subject: Re: [B.A.T.M.A.N.] [PATCH] batman-adv: Check size information when reassembling fragments
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking

Hi Sven, hi Martin, hi all

I thought after 6 days with 3.17.4 without your patch the crashes had been solved with the new kernel. But the server crashed again yesterday. So I implemented your patch.

On Tuesday, 25.11.2014, at 19:39 +0100, Martin Hundebøll wrote:
> Philipp:
> Can you please test this patch, and report back if it fixes your crash?

Patching was not trivial because the lines have changed. I did this manually. I hope I did it right.

So now, after 10 h, there has been a crash. I suggest you tell me how to extract the bogus packages from the vmcore dump so you can test them in the lab by yourselves. You can also send me links with simple instructions to study to complete this task because I do not know what to do.

Best regards
Philipp

diff -u fragmentation.c.ori fragmentation.c --- fragmentation.c.ori 2014-11-25 10:04:40.000000000 +0100 +++ fragmentation.c 2014-11-29 23:57:33.000000000 +0100 @@ -162,6 +162,7 @@ hlist_add_head(&frag_entry_new->list, &chain->head); chain->size = skb->len - hdr_size; chain->timestamp = jiffies; + chain->total_size = ntohs(frag_packet->total_size); ret = true; goto out; }
@@ -196,9 +197,11 @@ out: if (chain->size > batadv_frag_size_limit() || - ntohs(frag_packet->total_size) > batadv_frag_size_limit()) { + chain->total_size != ntohs(frag_packet->total_size) || + chain->total_size > batadv_frag_size_limit()) { /* Clear chain if total size of either the list or the packet - * exceeds the maximum size of one merged packet. + * exceeds the maximum size of one merged packet. Don't allow + * packets to have different total_size. */ batadv_frag_clear_chain(&chain->head); chain->size = 0; diff -u types.h.ori types.h --- types.h.ori 2014-11-29 23:51:40.000000000 +0100 +++ types.h 2014-11-30 00:02:21.000000000 +0100 @@ -140,6 +140,7 @@ unsigned long timestamp; uint16_t seqno; uint16_t size; + uint16_t total_size; }; /**
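
Review bot: chain->total_size is assigned only in the new-chain branch touched by the @@ -162 hunk of fragmentation.c, while the clear path visible in the next hunk sets chain->size = 0 and leaves total_size at its previous value. Either reset chain->total_size next to chain->size there, or add a comment stating that it is always rewritten when a chain is restarted, so the "chain->total_size != ntohs(frag_packet->total_size)" test can never run against a stale value.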
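
Review bot: The extended condition at out: in the @@ -196 hunk of fragmentation.c never compares chain->size with chain->total_size; it only checks each of them against batadv_frag_size_limit() and checks that the fragment's total_size equals the chain's. If the code that merges the chain sizes its buffer from total_size (an assumption, that code is not shown here), accumulated fragment data larger than the declared total would still pass this check, so consider adding "chain->size > chain->total_size" to the conditions that clear the chain. The updated comment would also be clearer if it said that the total_size of the incoming fragment is compared with the one stored in the chain.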
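
Review bot: The new "uint16_t total_size;" member in the types.h hunk is added without any description. If this struct is documented with a kernel-doc block like the /** comment that follows it, add a matching @total_size line saying that it holds the expected size of the merged packet in host byte order, as stored via ntohs() in fragmentation.c.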