Commit e1f16503 authored by ramesh.nagappa@gmail.com's avatar ramesh.nagappa@gmail.com Committed by David S. Miller

net: Fix skb_under_panic oops in neigh_resolve_output

The retry loop in neigh_resolve_output() and neigh_connected_output()
call dev_hard_header() with out reseting the skb to network_header.
This causes the retry to fail with skb_under_panic. The fix is to
reset the network_header within the retry loop.
Signed-off-by: default avatarRamesh Nagappa <ramesh.nagappa@ericsson.com>
Reviewed-by: default avatarShawn Lu <shawn.lu@ericsson.com>
Reviewed-by: default avatarRobert Coulson <robert.coulson@ericsson.com>
Reviewed-by: default avatarBillie Alsup <billie.alsup@ericsson.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0bd8ba18
...@@ -1301,8 +1301,6 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb) ...@@ -1301,8 +1301,6 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
if (!dst) if (!dst)
goto discard; goto discard;
__skb_pull(skb, skb_network_offset(skb));
if (!neigh_event_send(neigh, skb)) { if (!neigh_event_send(neigh, skb)) {
int err; int err;
struct net_device *dev = neigh->dev; struct net_device *dev = neigh->dev;
...@@ -1312,6 +1310,7 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb) ...@@ -1312,6 +1310,7 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
neigh_hh_init(neigh, dst); neigh_hh_init(neigh, dst);
do { do {
__skb_pull(skb, skb_network_offset(skb));
seq = read_seqbegin(&neigh->ha_lock); seq = read_seqbegin(&neigh->ha_lock);
err = dev_hard_header(skb, dev, ntohs(skb->protocol), err = dev_hard_header(skb, dev, ntohs(skb->protocol),
neigh->ha, NULL, skb->len); neigh->ha, NULL, skb->len);
...@@ -1342,9 +1341,8 @@ int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb) ...@@ -1342,9 +1341,8 @@ int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
unsigned int seq; unsigned int seq;
int err; int err;
__skb_pull(skb, skb_network_offset(skb));
do { do {
__skb_pull(skb, skb_network_offset(skb));
seq = read_seqbegin(&neigh->ha_lock); seq = read_seqbegin(&neigh->ha_lock);
err = dev_hard_header(skb, dev, ntohs(skb->protocol), err = dev_hard_header(skb, dev, ntohs(skb->protocol),
neigh->ha, NULL, skb->len); neigh->ha, NULL, skb->len);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment