public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Henk de Groot <henk.de.groot@hetnet.nl>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: linux-hams@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: AX25/socket kernel PATCHes
Date: Sun, 30 Dec 2001 18:23:50 +0100	[thread overview]
Message-ID: <5.1.0.14.2.20011230174733.00a2fc50@pop.hetnet.nl> (raw)
In-Reply-To: <E16KVhV-0006bg-00@the-village.bc.nu>
In-Reply-To: <5.1.0.14.2.20011230004059.00a2ac90@pop.hetnet.nl>

Hello Allan,

At 02:27 30-12-01 +0000, Alan Cox wrote:
>> >                        if (skb2->nh.raw < skb2->data || skb2->nh.raw >= skb2->...
>
>> +                       if (skb2->nh.raw < skb2->data || nh.raw > skb2->tail) {
>Add:                                                       skb2->
>
>my fault

To clear this once and for all I applied a brute-force patch:

----------------------------------------------------------------------
--- linux/net/core/dev.c.orig   Sun Dec 30 16:57:55 2001
+++ linux/net/core/dev.c        Sun Dec 30 17:07:25 2001
@@ -940,9 +940,14 @@
                         */
                        skb2->mac.raw = skb2->data;
 
-                       if (skb2->nh.raw < skb2->data || skb2->nh.raw > skb2->tail) {
+                       if (skb2->nh.raw < skb2->data || skb2->nh.raw >= skb2->tail) {
                                if (net_ratelimit())
+                                {
                                        printk(KERN_DEBUG "protocol %04x is buggy, dev %s\n", skb2->protocol, dev->name);
+                                       printk(KERN_DEBUG "PE1DNN: skb2->nh.raw = 0x%08x\n", (unsigned long) skb2->nh.raw);
+                                       printk(KERN_DEBUG "PE1DNN: skb2->data = 0x%08x\n", (unsigned long) skb2->data);
+                                       printk(KERN_DEBUG "PE1DNN: skb2->tail = 0x%08x\n", (unsigned long) skb2->tail);
+                                }
                                skb2->nh.raw = skb2->data;
                        }
----------------------------------------------------------------------

That should provide enough data about this part.. This is the output it creates, its not an off-by-one error...

----------------------------------------------------------------------
Dec 30 17:45:54 pe1dnn kernel: protocol 0000 is buggy, dev bcsf0
Dec 30 17:45:54 pe1dnn kernel: PE1DNN: skb2->nh.raw = 0xc4b0ed40
Dec 30 17:45:54 pe1dnn kernel: PE1DNN: skb2->data = 0xc4b0ece7
Dec 30 17:45:54 pe1dnn kernel: PE1DNN: skb2->tail = 0xc4b0ed11
----------------------------------------------------------------------

nh.raw is pointing way beyond the end of the data; 48 bytes if tail points at the adress just after the data - magic number or any clue why 48 bytes?

According to this the data should be 42 bytes (where data points to the first byte and tail just after the last byte). What is written to the AX.25 socket with 'sendto' is:

1 - KISS discriminator (0 - data) -> 1 byte
1 - AX.25 source address -> 7 bytes
1 - AX.25 destination address -> 7 bytes
2 - Digi paths @ 7bytes -> 14 bytes
1 - control fiels (primitve, UI frame) -> 1 byte
1 - PID (0xF0 normal AX.25 text) -> 1 byte
1 - payload data -> 11 bytes

Total 42 bytes, that seems to add up, only the nh.raw pointer seems to point to nowhere.

Kind regards,

Henk.


  parent reply	other threads:[~2001-12-30 17:25 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-12-28 16:41 link error in SCC driver Wichert Akkerman
2001-12-28 16:56 ` Dave Jones
2001-12-28 16:59   ` Wichert Akkerman
2001-12-28 17:08     ` Daniel T. Chen
2001-12-28 20:57     ` AX25/socket kernel PATCHes Henk de Groot
2001-12-28 23:09       ` Alan Cox
2001-12-28 23:15         ` Jeroen Vreeken
2001-12-29 17:29         ` Henk de Groot
2001-12-29 17:27       ` Henk de Groot
2001-12-29 18:02         ` Alan Cox
2001-12-29 20:37           ` kuznet
2001-12-29 23:56         ` Henk de Groot
2001-12-30  2:27           ` Alan Cox
2001-12-30 17:23           ` Henk de Groot [this message]
2001-12-30 22:13             ` Henk de Groot
2001-12-30 22:24               ` Sandor Dibuz
2002-01-01 22:32             ` Henk de Groot
2001-12-29  3:39     ` link error in SCC driver Keith Owens

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5.1.0.14.2.20011230174733.00a2fc50@pop.hetnet.nl \
    --to=henk.de.groot@hetnet.nl \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=linux-hams@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox