linux/net/mac80211
Helmut Schaa 7e24470756 mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs
mac80211 doesn't handle shared skbs correctly at the moment. As a result
a possible resize can trigger a BUG in pskb_expand_head.

[  676.030000] Kernel bug detected[#1]:
[  676.030000] Cpu 0
[  676.030000] $ 0   : 00000000 00000000 819662ff 00000002
[  676.030000] $ 4   : 81966200 00000020 00000000 00000020
[  676.030000] $ 8   : 819662e0 800043c0 00000002 00020000
[  676.030000] $12   : 3b9aca00 00000000 00000000 00470000
[  676.030000] $16   : 80ea2000 00000000 00000000 00000000
[  676.030000] $20   : 818aa200 80ea2018 80ea2000 00000008
[  676.030000] $24   : 00000002 800ace5c
[  676.030000] $28   : 8199a000 8199bd20 81938f88 80f180d4
[  676.030000] Hi    : 0000026e
[  676.030000] Lo    : 0000757e
[  676.030000] epc   : 801245e4 pskb_expand_head+0x44/0x1d8
[  676.030000]     Not tainted
[  676.030000] ra    : 80f180d4 ieee80211_skb_resize+0xb0/0x114 [mac80211]
[  676.030000] Status: 1000a403    KERNEL EXL IE
[  676.030000] Cause : 10800024
[  676.030000] PrId  : 0001964c (MIPS 24Kc)
[  676.030000] Modules linked in: mac80211_hwsim rt2800lib rt2x00soc rt2x00pci rt2x00lib mac80211 crc_itu_t crc_ccitt cfg80211 compat arc4 aes_generic deflate ecb cbc [last unloaded: rt2800pci]
[  676.030000] Process kpktgend_0 (pid: 97, threadinfo=8199a000, task=81879f48, tls=00000000)
[  676.030000] Stack : ffffffff 00000000 00000000 00000014 00000004 80ea2000 00000000 00000000
[  676.030000]         818aa200 80f180d4 ffffffff 0000000a 81879f78 81879f48 81879f48 00000018
[  676.030000]         81966246 80ea2000 818432e0 80f1a420 80203050 81814d98 00000001 81879f48
[  676.030000]         81879f48 00000018 81966246 818432e0 0000001a 8199bdd4 0000001c 80f1b72c
[  676.030000]         80203020 8001292c 80ef4aa2 7f10b55d 801ab5b8 81879f48 00000188 80005c90
[  676.030000]         ...
[  676.030000] Call Trace:
[  676.030000] [<801245e4>] pskb_expand_head+0x44/0x1d8
[  676.030000] [<80f180d4>] ieee80211_skb_resize+0xb0/0x114 [mac80211]
[  676.030000] [<80f1a420>] ieee80211_xmit+0x150/0x22c [mac80211]
[  676.030000] [<80f1b72c>] ieee80211_subif_start_xmit+0x6f4/0x73c [mac80211]
[  676.030000] [<8014361c>] pktgen_thread_worker+0xfac/0x16f8
[  676.030000] [<8002ebe8>] kthread+0x7c/0x88
[  676.030000] [<80008e0c>] kernel_thread_helper+0x10/0x18
[  676.030000]
[  676.030000]
[  676.030000] Code: 24020001  10620005  2502001f <0200000d> 0804917a  00000000  2502001f  00441023  00531021

Fix this by making a local copy of shared skbs prior to mangling them.
To avoid copying the skb unnecessarily, move the skb_copy call below the
checks that don't need write access to the skb.

Also, move the assignment of nh_pos and h_pos below the skb_copy to point
to the correct skb.

It would be possible to avoid another resize of the copied skb by using
skb_copy_expand instead of skb_copy but that would make the patch more
complex. Also, shared skbs are a corner case right now, so the resize
shouldn't matter much.

Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
Cc: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2010-12-08 15:23:48 -05:00
..
aes_ccm.c mac80211: Don't squash error codes in key setup functions 2010-08-16 15:26:38 -04:00
aes_ccm.h
aes_cmac.c mac80211: Don't squash error codes in key setup functions 2010-08-16 15:26:38 -04:00
aes_cmac.h
agg-rx.c mac80211: avoid transmitting delBA to old AP 2010-10-06 16:30:40 -04:00
agg-tx.c mac80211: avoid transmitting delBA to old AP 2010-10-06 16:30:40 -04:00
cfg.c mac80211: add probe request filter flag 2010-10-13 15:45:22 -04:00
cfg.h
chan.c cfg80211/mac80211: use lockdep_assert_held 2010-09-16 15:46:00 -04:00
debugfs_key.c mac80211: fix failure to check kmalloc return value in key_key_read 2010-10-29 14:33:26 -04:00
debugfs_key.h
debugfs_netdev.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
debugfs_netdev.h mac80211: reduce reliance on netdev 2009-12-21 18:38:52 -05:00
debugfs_sta.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
debugfs_sta.h
debugfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
debugfs.h net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
driver-ops.h mac80211: add p2p device type support 2010-09-16 15:46:07 -04:00
driver-trace.c
driver-trace.h mac80211: add p2p device type support 2010-09-16 15:46:07 -04:00
event.c
ht.c mac80211: fix SMPS request 2010-10-13 15:45:23 -04:00
ibss.c mac80211: Fix ibss station got expired immediately 2010-10-25 14:45:56 -04:00
ieee80211_i.h mac80211: add probe request filter flag 2010-10-13 15:45:22 -04:00
iface.c mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scan 2010-11-08 16:53:47 -05:00
Kconfig mac82011: Allow selection of minstrel_ht as default rc algorithm 2010-06-30 15:00:53 -04:00
key.c cfg80211/mac80211: allow per-station GTKs 2010-10-06 16:30:40 -04:00
key.h cfg80211/mac80211: allow per-station GTKs 2010-10-06 16:30:40 -04:00
led.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
led.h
main.c mac80211: Fix scan_ies_len to include DS Params 2010-10-27 15:46:51 -04:00
Makefile mac80211: add the minstrel_ht rate control algorithm 2010-06-02 16:12:59 -04:00
mesh_hwmp.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
mesh_pathtbl.c mac80211: use common work struct 2010-06-14 15:38:17 -04:00
mesh_plink.c mac80211: fix possible null-pointer de-reference 2010-10-11 15:04:20 -04:00
mesh.c mac80211: pull mgmt frame rx into rx handler 2010-06-14 15:39:26 -04:00
mesh.h Fix spelling fuction -> function in comments 2010-08-09 11:22:49 +02:00
michael.c
michael.h
mlme.c mac80211: Improve mlme probe response log messages. 2010-10-11 15:04:19 -04:00
offchannel.c mac80211: disable beacon monitor while going offchannel 2010-09-16 15:46:17 -04:00
pm.c mac80211: assure we also cancel deferred scan request 2010-10-06 16:30:42 -04:00
rate.c mac80211: don't sanitize invalid rates 2010-10-25 14:43:13 -04:00
rate.h mac80211: add the minstrel_ht rate control algorithm 2010-06-02 16:12:59 -04:00
rc80211_minstrel_debugfs.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
rc80211_minstrel_ht_debugfs.c mac80211: disallow seeks in minstrel debug code 2010-09-16 10:33:17 +02:00
rc80211_minstrel_ht.c mac80211: minstrel_ht A-MPDU fix 2010-10-11 15:04:24 -04:00
rc80211_minstrel_ht.h minstrel_ht: move minstrel_mcs_groups declaration to header file 2010-06-24 15:42:18 -04:00
rc80211_minstrel.c minstrel: don't complain about feedback for unrequested rates 2010-07-26 15:09:04 -04:00
rc80211_minstrel.h minstrel: make the rate control ops reusable from another rc implementation 2010-03-10 17:44:23 -05:00
rc80211_pid_algo.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
rc80211_pid_debugfs.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
rc80211_pid.h
rx.c mac80211: Fix STA disconnect due to MIC failure 2010-11-30 13:45:02 -05:00
scan.c mac80211: fix sw scan locking 2010-10-07 14:41:27 -04:00
spectmgmt.c mac80211: reduce reliance on netdev 2009-12-21 18:38:52 -05:00
sta_info.c cfg80211/mac80211: allow per-station GTKs 2010-10-06 16:30:40 -04:00
sta_info.h cfg80211/mac80211: allow per-station GTKs 2010-10-06 16:30:40 -04:00
status.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2010-10-07 14:39:03 -04:00
tkip.c mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
tkip.h mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
tx.c mac80211: Fix BUG in pskb_expand_head when transmitting shared skbs 2010-12-08 15:23:48 -05:00
util.c mac80211: avoid transmitting delBA to old AP 2010-10-06 16:30:40 -04:00
wep.c mac80211: don't kmalloc 16 bytes 2010-10-11 15:04:23 -04:00
wep.h mac80211: remove wep dependency 2010-07-08 16:35:50 -04:00
wme.c mac80211: fix-up build breakage in 2.6.33 2010-01-06 15:35:49 -05:00
wme.h mac80211: fix skb buffering issue 2010-01-05 16:21:40 -05:00
work.c mac80211: per interface idle notification 2010-08-16 15:26:40 -04:00
wpa.c mac80211: move packet flags into packet 2010-09-27 15:57:54 -04:00
wpa.h