Netdev List
 help / color / mirror / Atom feed
From: "Bjørn Mork" <bjorn@mork.no>
To: netdev@vger.kernel.org
Cc: linux-usb@vger.kernel.org, "Thomas Kear" <thomas@kear.co.nz>,
	"Ben Hutchings" <bhutchings@solarflare.com>,
	"Bjørn Mork" <bjorn@mork.no>, "Ming Lei" <ming.lei@canonical.com>
Subject: [PATCH net,stable] net: usbnet: fix SG initialisation
Date: Fri, 10 Jan 2014 23:10:17 +0100	[thread overview]
Message-ID: <1389391817-27204-1-git-send-email-bjorn@mork.no> (raw)

Commit 60e453a940ac ("USBNET: fix handling padding packet")
added an extra SG entry in case padding is necessary, but
failed to update the initialisation of the list. This can
cause list traversal to fall off the end of the list,
resulting in an oops.

Fixes: 60e453a940ac ("USBNET: fix handling padding packet")
Reported-by: Thomas Kear <thomas@kear.co.nz>
Cc: Ming Lei <ming.lei@canonical.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
---
I don't have the hardware to verify this fix.  It would be good if
someone could test it before it goes to stable...

But in case this works, it should go into v3.12 stable.


Bjørn

 drivers/net/usb/usbnet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index 8494bb53ebdc..aba04f561760 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1245,7 +1245,7 @@ static int build_dma_sg(const struct sk_buff *skb, struct urb *urb)
 		return -ENOMEM;
 
 	urb->num_sgs = num_sgs;
-	sg_init_table(urb->sg, urb->num_sgs);
+	sg_init_table(urb->sg, urb->num_sgs + 1);
 
 	sg_set_buf(&urb->sg[s++], skb->data, skb_headlen(skb));
 	total_len += skb_headlen(skb);
-- 
1.8.5.2

             reply	other threads:[~2014-01-10 22:10 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-10 22:10 Bjørn Mork [this message]
2014-01-11  9:16 ` [PATCH net,stable] net: usbnet: fix SG initialisation Ming Lei
     [not found]   ` <CACVXFVPbi47ZLWm-AMeX1NLp3_BQWRSuWz7YjTXz-z3JmVoyRA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-01-11 16:22     ` Ming Lei

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1389391817-27204-1-git-send-email-bjorn@mork.no \
    --to=bjorn@mork.no \
    --cc=bhutchings@solarflare.com \
    --cc=linux-usb@vger.kernel.org \
    --cc=ming.lei@canonical.com \
    --cc=netdev@vger.kernel.org \
    --cc=thomas@kear.co.nz \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox