netdev.vger.kernel.org archive mirror
From: <erik.hugne@ericsson.com>
To: <netdev@vger.kernel.org>, <jon.maloy@ericsson.com>
Cc: <ying.xue@windriver.com>, <paul.gortmaker@windriver.com>,
	<tipc-discussion@lists.sourceforge.net>,
	Erik Hugne <erik.hugne@ericsson.com>
Subject: [PATCH net-next] tipc: correctly unlink packets from deferred queue
Date: Mon, 16 Dec 2013 10:46:25 +0100
Message-ID: <1387187185-6914-1-git-send-email-erik.hugne@ericsson.com>

From: Erik Hugne <erik.hugne@ericsson.com>

When we pull a packet from the deferred queue, the next
pointer for the current packet being processed might still
refer to deferred packets. This is incorrect, and will
lead to an oops if the last fragment has once been put on
the deferred queue, and at least one packet has been
deferred after this fragment. The result of this is that
the fragment chain is linked together with the defer-queue.

We fix this by clearing the next pointer for the current
packet being processed.

[...] general protection fault: 0000
[...]
[...] ? trace_hardirqs_on+0xd/0x10
[...] tipc_link_recv_fragment+0xd1/0x1b0 [tipc]
[...] tipc_recv_msg+0x4e4/0x920 [tipc]
[...] ? tipc_l2_rcv_msg+0x40/0x250 [tipc]
[...] tipc_l2_rcv_msg+0xcc/0x250 [tipc]
[...] ? tipc_l2_rcv_msg+0x40/0x250 [tipc]
[...] __netif_receive_skb_core+0x80b/0xd00
[...] ? __netif_receive_skb_core+0x144/0xd00
[...] __netif_receive_skb+0x26/0x70
[...] netif_receive_skb+0x2d/0x200

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Reported-by: Ying Xue <ying.xue@windriver.com>
---
 net/tipc/link.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/net/tipc/link.c b/net/tipc/link.c
index 3d73144..447e2c4 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1444,6 +1444,7 @@ void tipc_recv_msg(struct sk_buff *head, struct tipc_bearer *b_ptr)
 		int type;
 
 		head = head->next;
+		buf->next = NULL;
 
 		/* Ensure bearer is still enabled */
 		if (unlikely(!b_ptr->active))
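
Review bot: the added `buf->next = NULL;` directly after `head = head->next;` has no comment explaining why the link is cleared, and the reason (the packet may have come off the deferred queue and later be chained as a fragment) is only stated in the commit message. A one-line comment above it, such as "unlink buf so it cannot drag deferred packets into a fragment chain", would keep a later cleanup from dropping the line. Since the message describes a general protection fault, it is also worth confirming that net-next rather than net is the intended tree.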
-- 
1.7.9.5
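
A simplified userspace model of the stale next pointer described in the commit message, added here as an illustration; it is not code from the patch or from net/tipc. `struct pkt`, `pull`, `chain_len` and `reachable_from_pulled` are hypothetical names, and the three-packet queue is constructed sample data.

```c
#include <stddef.h>

/* Hypothetical stand-in for struct sk_buff: only the list link matters here. */
struct pkt {
    int id;
    struct pkt *next;
};

/* Pull the first packet off *head, the way the receive loop advances
 * "head = head->next". With unlink == 0 the pulled packet keeps its
 * stale next pointer (pre-patch behaviour); with unlink != 0 the
 * pointer is cleared (post-patch behaviour). */
static struct pkt *pull(struct pkt **head, int unlink)
{
    struct pkt *buf = *head;

    if (!buf)
        return NULL;
    *head = buf->next;
    if (unlink)
        buf->next = NULL;
    return buf;
}

/* Count the packets reachable from p, as code walking a fragment chain would. */
static int chain_len(const struct pkt *p)
{
    int n = 0;

    for (; p; p = p->next)
        n++;
    return n;
}

/* Constructed scenario: a last fragment (id 1) sits at the front of a
 * queue with two later deferred packets (ids 2 and 3) behind it.
 * Returns how many packets are reachable from the pulled fragment. */
static int reachable_from_pulled(int unlink)
{
    struct pkt c = { 3, NULL };
    struct pkt b = { 2, &c };
    struct pkt a = { 1, &b };
    struct pkt *head = &a;
    struct pkt *frag = pull(&head, unlink);

    return chain_len(frag);
}
```

Without the unlink, the pulled fragment still reaches both deferred packets, so any code that treats it as the tail of a fragment chain walks into the defer queue; with the unlink it stands alone.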
