public inbox for b.a.t.m.a.n@lists.open-mesh.org
From: Sven Eckelmann <sven@narfation.org>
To: b.a.t.m.a.n@lists.open-mesh.org
Subject: Re: [B.A.T.M.A.N.] [PATCH] batman-adv: fix skb->data assignment
Date: Fri, 15 Jun 2012 13:45:11 +0200
Message-ID: <7712868.YW3oqMkdaP@bentobox>
In-Reply-To: <1339705288-4175-1-git-send-email-ordex@autistici.org>

On Thursday 14 June 2012 22:21:28 Antonio Quartulli wrote:
> skb_linearize(skb) possibly rearranges the skb internal data and then
> changes the skb->data pointer value. For this reason any other pointer in
> the code that was assigned skb->data before invoking skb_linearize(skb)
> must be re-assigned.
> 
> In the current tt_query message handling code this is not done and
> therefore, in case of skb linearization, the pointer used to handle the
> packet header ends up pointing to poisoned memory. The packet is then
> dropped but the translation-table mechanism is corrupted.
> 
> Signed-off-by: Antonio Quartulli <ordex@autistici.org>
> ---
> 
> *** this patch is an important fix and it is for maint ***

Don't forget to add 

Cc: stable <stable@vger.kernel.org>

to the patch and a small explanation since when the bug is there (I guess 
v3.1) and that it may lead to crashes and not only poisoned memory (that is 
the best case.. but maybe the page was removed and we end up in hell when 
accessing the memory region).

Kind regards,
	Sven
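
The stale-pointer pattern described in the quoted commit message, as an added example that is not part of this thread and is not batman-adv code. It is a userspace model: `fake_skb`, `fake_linearize` and `handle_query` are hypothetical names, and the header byte read as a version field is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fake_skb {                 /* userspace stand-in for an sk_buff */
    unsigned char *data, *frag;   /* data plays the role of skb->data */
    size_t len, frag_len;         /* bytes in the head / in the fragment */
};

/* Model of skb_linearize(): copies into a new buffer, poisons and frees
 * the old ones, updates ->data. Returns 0, or -1 if allocation fails. */
static int fake_linearize(struct fake_skb *skb)
{
    unsigned char *buf = malloc(skb->len + skb->frag_len);
    if (!buf)
        return -1;
    memcpy(buf, skb->data, skb->len);
    if (skb->frag_len)
        memcpy(buf + skb->len, skb->frag, skb->frag_len);
    memset(skb->data, 0x6b, skb->len);    /* poison fill before release */
    free(skb->data);
    free(skb->frag);
    skb->data = buf;
    skb->len += skb->frag_len;
    skb->frag = NULL;
    skb->frag_len = 0;
    return 0;
}

/* Returns header byte 1 (made-up version field) or -1. *was_stale says if a
 * pointer saved before linearizing would dangle; only addresses are compared. */
static int handle_query(struct fake_skb *skb, int *was_stale)
{
    uintptr_t before = (uintptr_t)skb->data;
    if (fake_linearize(skb) < 0)
        return -1;
    *was_stale = before != (uintptr_t)skb->data;
    const unsigned char *hdr = skb->data;  /* the fix: assign after the call */
    return hdr[1];
}

int main(void)
{
    struct fake_skb s = { calloc(1, 4), calloc(1, 2), 4, 2 };  /* constructed */
    int stale = 0, v = (s.data && s.frag) ? handle_query(&s, &stale) : -1;
    printf("version=%d stale=%d\n", v, stale);
    free(s.data);
    return v < 0;
}
```

Because the model allocates the new buffer before releasing the old one, the saved address always differs from `skb->data` afterwards, which is the condition under which a header pointer taken before the call points at freed memory.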
