On Friday, 31 August 2018 22:46:47 HKT Sven Eckelmann wrote:
The per hardif sysfs file "batman_adv/throughput_override" prints the resulting change as info text when the users writes to this file. It uses the helper function batadv_info to add it at the same time to the kernel ring buffer and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG is enabled).
The function batadv_info requires as first parameter the batman-adv softif net_device. This parameter is then used to find the private buffer which contains the debug log for this batman-adv interface. But batadv_store_throughput_override used as first argument the slave net_device. This slave device doesn't have the batadv_priv private data which is access by batadv_info.
Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead to a segfault or to memory corruption.
Fixes: c513176e4b7a ("batman-adv: add throughput override attribute to hard_ifaces") Signed-off-by: Sven Eckelmann sven@narfation.org
Acked-by: Marek Lindner mareklindner@neomailbox.ch
Cheers, Marek