[B.A.T.M.A.N.] [PATCHv4 maint] batman-adv: fix potential kernel paging error for unicast transmissions
batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's data. If it does then our ethhdr pointer is not valid anymore in batadv_send_skb_unicast(), resulting in a kernel paging error.
Fixing this by refetching the ethhdr pointer after the potential reallocation.
Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6 ("batman-adv: improve unicast packet (re)routing")
Signed-off-by: Linus Lüssing linus.luessing@web.de --- Changes v4: * "s/Introduced-by:/Introduced by/" to make checkpatch happy
send.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/send.c b/send.c index b0a3d76..50df184 100644 --- a/send.c +++ b/send.c @@ -281,6 +281,10 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv, goto out; }
+ /* skb->data might have been reallocated by + * batadv_send_skb_prepare_unicast* + */ + ethhdr = eth_hdr(skb); unicast_packet = (struct batadv_unicast_packet *)skb->data;
/* inform the destination node that we are still missing a correct route
On 20/01/14 11:06, Linus Lüssing wrote:
batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's data. If it does then our ethhdr pointer is not valid anymore in batadv_send_skb_unicast(), resulting in a kernel paging error.
Fixing this by refetching the ethhdr pointer after the potential reallocation.
Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6 ("batman-adv: improve unicast packet (re)routing")
Signed-off-by: Linus Lüssing linus.luessing@web.de
Acked-by: Antonio Quartulli antonio@meshcoding.com
Changes v4:
- "s/Introduced-by:/Introduced by/" to make checkpatch happy
send.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/send.c b/send.c index b0a3d76..50df184 100644 --- a/send.c +++ b/send.c @@ -281,6 +281,10 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv, goto out; }
/* skb->data might have been reallocated by
* batadv_send_skb_prepare_unicast**/ethhdr = eth_hdr(skb); unicast_packet = (struct batadv_unicast_packet *)skb->data;
/* inform the destination node that we are still missing a correct route
On Monday 20 January 2014 16:07:53 Antonio Quartulli wrote:
On 20/01/14 11:06, Linus Lüssing wrote:
batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's data. If it does then our ethhdr pointer is not valid anymore in batadv_send_skb_unicast(), resulting in a kernel paging error.
Fixing this by refetching the ethhdr pointer after the potential reallocation.
Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6 ("batman-adv: improve unicast packet (re)routing")
Signed-off-by: Linus Lüssing linus.luessing@web.de
Acked-by: Antonio Quartulli antonio@meshcoding.com
Applied in revision 41b3872.
Thanks, Marek
b.a.t.m.a.n@lists.open-mesh.org
-
Antonio Quartulli -
Linus Lüssing -
Marek Lindner