In the TX path we now have functions that rely on the skb->mac_header field. DAT does not set such field when creating its own ARP packets thus leading to wrong memory access.
Fix it by always setting the mac_header after having forged the ARP packet.
Reported-by: Russel Senior russell@personaltelco.net Signed-off-by: Antonio Quartulli antonio@meshcoding.com Tested-by: Russel Senior russell@personaltelco.net --- distributed-arp-table.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/distributed-arp-table.c b/distributed-arp-table.c index 6da587a..0b69b61 100644 --- a/distributed-arp-table.c +++ b/distributed-arp-table.c @@ -1028,6 +1028,11 @@ bool batadv_dat_snoop_incoming_arp_request(struct batadv_priv *bat_priv, if (!skb_new) goto out;
+ /* the rest of the TX path assumes that the mac_header offset pointing + * to the inner Ethernet header has been set, therefore reset it now. + */ + skb_reset_mac_header(skb_new); + if (vid & BATADV_VLAN_HAS_TAG) skb_new = vlan_insert_tag(skb_new, htons(ETH_P_8021Q), vid & VLAN_VID_MASK);
On 11/02/14 11:26, Antonio Quartulli wrote:
In the TX path we now have functions that rely on the skb->mac_header field. DAT does not set such field when creating its own ARP packets thus leading to wrong memory access.
Fix it by always setting the mac_header after having forged the ARP packet.
Reported-by: Russel Senior russell@personaltelco.net Signed-off-by: Antonio Quartulli antonio@meshcoding.com Tested-by: Russel Senior russell@personaltelco.net
This patch is supposed to be applied on maint.
Cheers,
On 11/02/14 11:35, Antonio Quartulli wrote:
On 11/02/14 11:26, Antonio Quartulli wrote:
In the TX path we now have functions that rely on the skb->mac_header field. DAT does not set such field when creating its own ARP packets thus leading to wrong memory access.
Fix it by always setting the mac_header after having forged the ARP packet.
Reported-by: Russel Senior russell@personaltelco.net Signed-off-by: Antonio Quartulli antonio@meshcoding.com Tested-by: Russel Senior russell@personaltelco.net
This patch is supposed to be applied on maint.
Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb ("batman-adv: fix potential kernel paging error for unicast transmissions")
In this patch we have the introduction of eth_hdr() in batadv_send_skb_unicast() which creates the problem..
Cheers,
On Tuesday 11 February 2014 11:58:26 Antonio Quartulli wrote:
On 11/02/14 11:35, Antonio Quartulli wrote:
On 11/02/14 11:26, Antonio Quartulli wrote:
In the TX path we now have functions that rely on the skb->mac_header field. DAT does not set such field when creating its own ARP packets thus leading to wrong memory access.
Fix it by always setting the mac_header after having forged the ARP packet.
Reported-by: Russel Senior russell@personaltelco.net Signed-off-by: Antonio Quartulli antonio@meshcoding.com Tested-by: Russel Senior russell@personaltelco.net
This patch is supposed to be applied on maint.
Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb ("batman-adv: fix potential kernel paging error for unicast transmissions")
Applied in revision df99b07.
Thanks, Marek
b.a.t.m.a.n@lists.open-mesh.org
-
Antonio Quartulli -
Marek Lindner