* [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT @ 2014-02-11 10:26 Antonio Quartulli 2014-02-11 10:35 ` Antonio Quartulli 0 siblings, 1 reply; 4+ messages in thread From: Antonio Quartulli @ 2014-02-11 10:26 UTC (permalink / raw) To: b.a.t.m.a.n; +Cc: Antonio Quartulli In the TX path we now have functions that rely on the skb->mac_header field. DAT does not set such field when creating its own ARP packets thus leading to wrong memory access. Fix it by always setting the mac_header after having forged the ARP packet. Reported-by: Russel Senior <russell@personaltelco.net> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com> Tested-by: Russel Senior <russell@personaltelco.net> --- distributed-arp-table.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/distributed-arp-table.c b/distributed-arp-table.c index 6da587a..0b69b61 100644 --- a/distributed-arp-table.c +++ b/distributed-arp-table.c @@ -1028,6 +1028,11 @@ bool batadv_dat_snoop_incoming_arp_request(struct batadv_priv *bat_priv, if (!skb_new) goto out; + /* the rest of the TX path assumes that the mac_header offset pointing + * to the inner Ethernet header has been set, therefore reset it now. + */ + skb_reset_mac_header(skb_new); + if (vid & BATADV_VLAN_HAS_TAG) skb_new = vlan_insert_tag(skb_new, htons(ETH_P_8021Q), vid & VLAN_VID_MASK); -- 1.8.5.3 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT 2014-02-11 10:26 [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT Antonio Quartulli @ 2014-02-11 10:35 ` Antonio Quartulli 2014-02-11 10:58 ` Antonio Quartulli 0 siblings, 1 reply; 4+ messages in thread From: Antonio Quartulli @ 2014-02-11 10:35 UTC (permalink / raw) To: b.a.t.m.a.n [-- Attachment #1: Type: text/plain, Size: 587 bytes --] On 11/02/14 11:26, Antonio Quartulli wrote: > In the TX path we now have functions that rely on the > skb->mac_header field. DAT does not set such field when > creating its own ARP packets thus leading to wrong memory > access. > > Fix it by always setting the mac_header after having forged > the ARP packet. > > Reported-by: Russel Senior <russell@personaltelco.net> > Signed-off-by: Antonio Quartulli <antonio@meshcoding.com> > Tested-by: Russel Senior <russell@personaltelco.net> This patch is supposed to be applied on maint. Cheers, -- Antonio Quartulli [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT 2014-02-11 10:35 ` Antonio Quartulli @ 2014-02-11 10:58 ` Antonio Quartulli 2014-02-11 12:08 ` Marek Lindner 0 siblings, 1 reply; 4+ messages in thread From: Antonio Quartulli @ 2014-02-11 10:58 UTC (permalink / raw) To: b.a.t.m.a.n [-- Attachment #1: Type: text/plain, Size: 897 bytes --] On 11/02/14 11:35, Antonio Quartulli wrote: > On 11/02/14 11:26, Antonio Quartulli wrote: >> In the TX path we now have functions that rely on the >> skb->mac_header field. DAT does not set such field when >> creating its own ARP packets thus leading to wrong memory >> access. >> >> Fix it by always setting the mac_header after having forged >> the ARP packet. >> >> Reported-by: Russel Senior <russell@personaltelco.net> >> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com> >> Tested-by: Russel Senior <russell@personaltelco.net> > > This patch is supposed to be applied on maint. Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb ("batman-adv: fix potential kernel paging error for unicast transmissions") In this patch we have the introduction of eth_hdr() in batadv_send_skb_unicast() which creates the problem.. Cheers, -- Antonio Quartulli [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 836 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT 2014-02-11 10:58 ` Antonio Quartulli @ 2014-02-11 12:08 ` Marek Lindner 0 siblings, 0 replies; 4+ messages in thread From: Marek Lindner @ 2014-02-11 12:08 UTC (permalink / raw) To: b.a.t.m.a.n; +Cc: Antonio Quartulli [-- Attachment #1: Type: text/plain, Size: 878 bytes --] On Tuesday 11 February 2014 11:58:26 Antonio Quartulli wrote: > On 11/02/14 11:35, Antonio Quartulli wrote: > > On 11/02/14 11:26, Antonio Quartulli wrote: > >> In the TX path we now have functions that rely on the > >> skb->mac_header field. DAT does not set such field when > >> creating its own ARP packets thus leading to wrong memory > >> access. > >> > >> Fix it by always setting the mac_header after having forged > >> the ARP packet. > >> > >> Reported-by: Russel Senior <russell@personaltelco.net> > >> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com> > >> Tested-by: Russel Senior <russell@personaltelco.net> > > > > > > > > This patch is supposed to be applied on maint. > > Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb > ("batman-adv: fix potential kernel paging error for unicast transmissions") Applied in revision df99b07. Thanks, Marek [-- Attachment #2: This is a digitally signed message part. --] [-- Type: application/pgp-signature, Size: 490 bytes --] ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-02-11 12:08 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-02-11 10:26 [B.A.T.M.A.N.] [PATCH] batman-adv: fix memory access by setting mac_header in DAT Antonio Quartulli 2014-02-11 10:35 ` Antonio Quartulli 2014-02-11 10:58 ` Antonio Quartulli 2014-02-11 12:08 ` Marek Lindner
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox