• Sven Eckelmann's avatar
    batman-adv: Fix segfault when writing to sysfs elp_interval · a25bab9d
    Sven Eckelmann authored
    The per hardif sysfs file "batman_adv/elp_interval" is using the generic
    functions to store/show uint values. The helper __batadv_store_uint_attr
    requires the softif net_device as parameter to print the resulting change
    as info text when the users writes to this file. It uses the helper
    function batadv_info to add it at the same time to the kernel ring buffer
    and to the batman-adv debug log (when CONFIG_BATMAN_ADV_DEBUG is enabled).
    
    The function batadv_info requires as first parameter the batman-adv softif
    net_device. This parameter is then used to find the private buffer which
    contains the debug log for this batman-adv interface. But
    batadv_store_throughput_override used as first argument the slave
    net_device. This slave device doesn't have the batadv_priv private data
    which is access by batadv_info.
    
    Writing to this file with CONFIG_BATMAN_ADV_DEBUG enabled can either lead
    to a segfault or to memory corruption.
    
    Fixes: 0744ff8f ("batman-adv: Add hard_iface specific sysfs wrapper macros for UINT")
    Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
    Acked-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
    Signed-off-by: default avatarSimon Wunderlich <sw@simonwunderlich.de>
    a25bab9d
sysfs.c 35.4 KB