[PATCH][ATM] br2684: Fix oops due to skb->dev being NULL

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH][ATM] br2684: Fix oops due to skb->dev being NULL
@ 2008-06-05 15:43 Jorge Boncompte [DTI2]
  2008-06-14 21:21 ` Chas Williams (CONTRACTOR)
  0 siblings, 1 reply; 4+ messages in thread
From: Jorge Boncompte [DTI2] @ 2008-06-05 15:43 UTC (permalink / raw)
  To: netdev; +Cc: chas williams

	It happens that if a packet arrives in a VC between the call to open it 
on the hardware and the call to change the backend to br2684, 
br2684_regvcc processes the packet and oopses dereferencing skb->dev 
because it is NULL before the call to br2684_push().

Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>
---
  net/atm/br2684.c |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/atm/br2684.c b/net/atm/br2684.c
index 9d52ebf..ac60350 100644
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -518,9 +518,9 @@ static int br2684_regvcc(struct atm_vcc *atmvcc, 
void __user * arg)
  		struct sk_buff *next = skb->next;

  		skb->next = skb->prev = NULL;
+		br2684_push(atmvcc, skb);
  		BRPRIV(skb->dev)->stats.rx_bytes -= skb->len;
  		BRPRIV(skb->dev)->stats.rx_packets--;
-		br2684_push(atmvcc, skb);

  		skb = next;
  	}
-- 



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH][ATM] br2684: Fix oops due to skb->dev being NULL
  2008-06-05 15:43 [PATCH][ATM] br2684: Fix oops due to skb->dev being NULL Jorge Boncompte [DTI2]
@ 2008-06-14 21:21 ` Chas Williams (CONTRACTOR)
  0 siblings, 0 replies; 4+ messages in thread
From: Chas Williams (CONTRACTOR) @ 2008-06-14 21:21 UTC (permalink / raw)
  To: jorge; +Cc: netdev

In message <484809B6.2080904@dti2.net>,"Jorge Boncompte [DTI2]" writes:
>	It happens that if a packet arrives in a VC between the call to open it
> 
>on the hardware and the call to change the backend to br2684, 
>br2684_regvcc processes the packet and oopses dereferencing skb->dev 
>because it is NULL before the call to br2684_push().
>
>Signed-off-by: Jorge Boncompte [DTI2] <jorge@dti2.net>

looks good. i will submit to davem with the next batch of atm patches.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] atm: br2684: Fix oops due to skb->dev being NULL
@ 2011-08-19 22:04 Daniel Schwierzeck
  2011-08-20 21:13 ` David Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel Schwierzeck @ 2011-08-19 22:04 UTC (permalink / raw)
  To: netdev; +Cc: stable, David S . Miller

This oops have been already fixed with commit

    27141666b69f535a4d63d7bc6d9e84ee5032f82a

    atm: [br2684] Fix oops due to skb->dev being NULL

    It happens that if a packet arrives in a VC between the call to open it on
    the hardware and the call to change the backend to br2684, br2684_regvcc
    processes the packet and oopses dereferencing skb->dev because it is
    NULL before the call to br2684_push().

but have been introduced again with commit

    b6211ae7f2e56837c6a4849316396d1535606e90

    atm: Use SKB queue and list helpers instead of doing it by-hand.

Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@googlemail.com>
---
 net/atm/br2684.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/atm/br2684.c b/net/atm/br2684.c
index 52cfd0c..d07223c 100644
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -558,12 +558,13 @@ static int br2684_regvcc(struct atm_vcc *atmvcc, void __user * arg)
 	spin_unlock_irqrestore(&rq->lock, flags);
 
 	skb_queue_walk_safe(&queue, skb, tmp) {
-		struct net_device *dev = skb->dev;
+		struct net_device *dev;
+
+		br2684_push(atmvcc, skb);
+		dev = skb->dev;
 
 		dev->stats.rx_bytes -= skb->len;
 		dev->stats.rx_packets--;
-
-		br2684_push(atmvcc, skb);
 	}
 
 	/* initialize netdev carrier state */
-- 
1.7.6


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] atm: br2684: Fix oops due to skb->dev being NULL
  2011-08-19 22:04 [PATCH] atm: " Daniel Schwierzeck
@ 2011-08-20 21:13 ` David Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2011-08-20 21:13 UTC (permalink / raw)
  To: daniel.schwierzeck; +Cc: netdev, stable

From: Daniel Schwierzeck <daniel.schwierzeck@googlemail.com>
Date: Sat, 20 Aug 2011 00:04:20 +0200

> This oops have been already fixed with commit
> 
>     27141666b69f535a4d63d7bc6d9e84ee5032f82a
> 
>     atm: [br2684] Fix oops due to skb->dev being NULL
> 
>     It happens that if a packet arrives in a VC between the call to open it on
>     the hardware and the call to change the backend to br2684, br2684_regvcc
>     processes the packet and oopses dereferencing skb->dev because it is
>     NULL before the call to br2684_push().
> 
> but have been introduced again with commit
> 
>     b6211ae7f2e56837c6a4849316396d1535606e90
> 
>     atm: Use SKB queue and list helpers instead of doing it by-hand.
> 
> Signed-off-by: Daniel Schwierzeck <daniel.schwierzeck@googlemail.com>

Applied, thanks!

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2011-08-20 21:13 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-05 15:43 [PATCH][ATM] br2684: Fix oops due to skb->dev being NULL Jorge Boncompte [DTI2]
2008-06-14 21:21 ` Chas Williams (CONTRACTOR)
  -- strict thread matches above, loose matches on Subject: below --
2011-08-19 22:04 [PATCH] atm: " Daniel Schwierzeck
2011-08-20 21:13 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).