stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Thomas Osterried <thomas@osterried.de>,
	Ralf Baechle <ralf@linux-mips.org>,
	"David S. Miller" <davem@davemloft.net>,
	Sasha Levin <alexander.levin@verizon.com>
Subject: [PATCH 4.9 017/108] NET: mkiss: Fix panic
Date: Thu, 15 Jun 2017 19:52:23 +0200
Message-ID: <20170615175337.998541512@linuxfoundation.org>
In-Reply-To: <20170615175337.190782107@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ralf Baechle <ralf@linux-mips.org>


[ Upstream commit 7ba1b689038726d34e3244c1ac9e2e18c2ea4787 ]

If a USB-to-serial adapter is unplugged, the driver re-initializes, with
dev->hard_header_len and dev->addr_len set to zero, instead of the correct
values.  If then a packet is sent through the half-dead interface, the
kernel will panic due to running out of headroom in the skb when pushing
for the AX.25 headers resulting in this panic:

[<c0595468>] (skb_panic) from [<c0401f70>] (skb_push+0x4c/0x50)
[<c0401f70>] (skb_push) from [<bf0bdad4>] (ax25_hard_header+0x34/0xf4 [ax25])
[<bf0bdad4>] (ax25_hard_header [ax25]) from [<bf0d05d4>] (ax_header+0x38/0x40 [mkiss])
[<bf0d05d4>] (ax_header [mkiss]) from [<c041b584>] (neigh_compat_output+0x8c/0xd8)
[<c041b584>] (neigh_compat_output) from [<c043e7a8>] (ip_finish_output+0x2a0/0x914)
[<c043e7a8>] (ip_finish_output) from [<c043f948>] (ip_output+0xd8/0xf0)
[<c043f948>] (ip_output) from [<c043f04c>] (ip_local_out_sk+0x44/0x48)

This patch makes mkiss behave like the 6pack driver. 6pack does not
panic.  In 6pack.c sp_setup() (same function name here) the values for
dev->hard_header_len and dev->addr_len are set to the same values as in
my mkiss patch.

[ralf@linux-mips.org: Massages original submission to conform to the usual
standards for patch submissions.]

Signed-off-by: Thomas Osterried <thomas@osterried.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/hamradio/mkiss.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/net/hamradio/mkiss.c
+++ b/drivers/net/hamradio/mkiss.c
@@ -648,8 +648,8 @@ static void ax_setup(struct net_device *
 {
 	/* Finish setting up the DEVICE info. */
 	dev->mtu             = AX_MTU;
-	dev->hard_header_len = 0;
-	dev->addr_len        = 0;
+	dev->hard_header_len = AX25_MAX_HEADER_LEN;
+	dev->addr_len        = AX25_ADDR_LEN;
 	dev->type            = ARPHRD_AX25;
 	dev->tx_queue_len    = 10;
 	dev->header_ops      = &ax25_header_ops;
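
Review bot: The two replaced assignments in ax_setup() (dev->hard_header_len and dev->addr_len) are described in the changelog as wrong only after a re-initialization, but the changelog never names the code path that supplies the correct values on a normal bring-up. From this hunk alone a reader cannot tell whether that other assignment is now redundant or should be removed. A sentence in the commit message naming that path, plus a Fixes: tag if the zero values came from an identifiable commit, would make the backport easier to audit. Since the quoted trace reaches skb_panic through ax_header and ax25_hard_header, it would also help to state that AX25_MAX_HEADER_LEN covers the largest header that path can push, so the headroom reserved from hard_header_len is known to be sufficient.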
