https://github.com/torvalds/linux
Revision 7ba1b689038726d34e3244c1ac9e2e18c2ea4787 authored by Ralf Baechle on 09 February 2017, 13:12:11 UTC, committed by David S. Miller on 10 February 2017, 18:41:13 UTC
If a USB-to-serial adapter is unplugged, the driver re-initializes, with dev->hard_header_len and dev->addr_len set to zero, instead of the correct values. If then a packet is sent through the half-dead interface, the kernel will panic due to running out of headroom in the skb when pushing for the AX.25 headers resulting in this panic: [<c0595468>] (skb_panic) from [<c0401f70>] (skb_push+0x4c/0x50) [<c0401f70>] (skb_push) from [<bf0bdad4>] (ax25_hard_header+0x34/0xf4 [ax25]) [<bf0bdad4>] (ax25_hard_header [ax25]) from [<bf0d05d4>] (ax_header+0x38/0x40 [mkiss]) [<bf0d05d4>] (ax_header [mkiss]) from [<c041b584>] (neigh_compat_output+0x8c/0xd8) [<c041b584>] (neigh_compat_output) from [<c043e7a8>] (ip_finish_output+0x2a0/0x914) [<c043e7a8>] (ip_finish_output) from [<c043f948>] (ip_output+0xd8/0xf0) [<c043f948>] (ip_output) from [<c043f04c>] (ip_local_out_sk+0x44/0x48) This patch makes mkiss behave like the 6pack driver. 6pack does not panic. In 6pack.c sp_setup() (same function name here) the values for dev->hard_header_len and dev->addr_len are set to the same values as in my mkiss patch. [ralf@linux-mips.org: Massages original submission to conform to the usual standards for patch submissions.] Signed-off-by: Thomas Osterried <thomas@osterried.de> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent b85ea00
Tip revision: 7ba1b689038726d34e3244c1ac9e2e18c2ea4787 authored by Ralf Baechle on 09 February 2017, 13:12:11 UTC
NET: mkiss: Fix panic
NET: mkiss: Fix panic
Tip revision: 7ba1b68
| File | Mode | Size |
|---|---|---|
| Kconfig | -rw-r--r-- | 5.0 KB |
| Makefile | -rw-r--r-- | 883 bytes |
| acl.h | -rw-r--r-- | 2.4 KB |
| auth.c | -rw-r--r-- | 2.0 KB |
| auth.h | -rw-r--r-- | 339 bytes |
| blocklayout.c | -rw-r--r-- | 10.5 KB |
| blocklayoutxdr.c | -rw-r--r-- | 5.1 KB |
| blocklayoutxdr.h | -rw-r--r-- | 1.3 KB |
| cache.h | -rw-r--r-- | 1.8 KB |
| current_stateid.h | -rw-r--r-- | 1.4 KB |
| export.c | -rw-r--r-- | 31.6 KB |
| export.h | -rw-r--r-- | 3.0 KB |
| fault_inject.c | -rw-r--r-- | 3.7 KB |
| flexfilelayout.c | -rw-r--r-- | 3.4 KB |
| flexfilelayoutxdr.c | -rw-r--r-- | 2.7 KB |
| flexfilelayoutxdr.h | -rw-r--r-- | 1.1 KB |
| idmap.h | -rw-r--r-- | 2.3 KB |
| lockd.c | -rw-r--r-- | 1.7 KB |
| netns.h | -rw-r--r-- | 3.7 KB |
| nfs2acl.c | -rw-r--r-- | 8.9 KB |
| nfs3acl.c | -rw-r--r-- | 6.3 KB |
| nfs3proc.c | -rw-r--r-- | 24.5 KB |
| nfs3xdr.c | -rw-r--r-- | 26.8 KB |
| nfs4acl.c | -rw-r--r-- | 21.8 KB |
| nfs4callback.c | -rw-r--r-- | 29.7 KB |
| nfs4idmap.c | -rw-r--r-- | 16.0 KB |
| nfs4layouts.c | -rw-r--r-- | 18.7 KB |
| nfs4proc.c | -rw-r--r-- | 69.4 KB |
| nfs4recover.c | -rw-r--r-- | 35.6 KB |
| nfs4state.c | -rw-r--r-- | 181.7 KB |
| nfs4xdr.c | -rw-r--r-- | 114.6 KB |
| nfscache.c | -rw-r--r-- | 15.4 KB |
| nfsctl.c | -rw-r--r-- | 32.9 KB |
| nfsd.h | -rw-r--r-- | 16.8 KB |
| nfsfh.c | -rw-r--r-- | 18.2 KB |
| nfsfh.h | -rw-r--r-- | 7.0 KB |
| nfsproc.c | -rw-r--r-- | 21.6 KB |
| nfssvc.c | -rw-r--r-- | 20.0 KB |
| nfsxdr.c | -rw-r--r-- | 13.0 KB |
| pnfs.h | -rw-r--r-- | 2.7 KB |
| state.h | -rw-r--r-- | 22.5 KB |
| stats.c | -rw-r--r-- | 2.7 KB |
| stats.h | -rw-r--r-- | 1.4 KB |
| trace.c | -rw-r--r-- | 48 bytes |
| trace.h | -rw-r--r-- | 2.5 KB |
| vfs.c | -rw-r--r-- | 49.5 KB |
| vfs.h | -rw-r--r-- | 5.7 KB |
| xdr.h | -rw-r--r-- | 4.0 KB |
| xdr3.h | -rw-r--r-- | 8.1 KB |
| xdr4.h | -rw-r--r-- | 21.8 KB |
| xdr4cb.h | -rw-r--r-- | 1.4 KB |
Computing file changes ...
