Commit f347b873 authored by Sven Eckelmann's avatar Sven Eckelmann Committed by Greg Kroah-Hartman

Staging: batman-adv: Clone shared bat packets before modifying them

"tcpdump" and "batctl td" will receive packets with a wrong sequence
number on systems with a different endianess than network byte order.
This happens due to the reordering of bytes in the function which
handles aggregated bat packets. The function which receives the bat
packets must ensure that these buffers aren't shared with anything else
before that function tries to write into it. Otherwise it has to copy
the buffers so it is save again to change them.
Reported-by: default avatarKevin Steen <batman@kevinsteen.net>
Signed-off-by: default avatarSven Eckelmann <sven.eckelmann@gmx.de>
Signed-off-by: default avatarMarek Lindner <lindner_marek@yahoo.de>
Signed-off-by: default avatarAndrew Lunn <andrew@lunn.ch>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent adaaa0c6
...@@ -549,6 +549,7 @@ int recv_bat_packet(struct sk_buff *skb, ...@@ -549,6 +549,7 @@ int recv_bat_packet(struct sk_buff *skb,
{ {
struct ethhdr *ethhdr; struct ethhdr *ethhdr;
unsigned long flags; unsigned long flags;
struct sk_buff *skb_old;
/* drop packet if it has not necessary minimum size */ /* drop packet if it has not necessary minimum size */
if (skb_headlen(skb) < sizeof(struct batman_packet)) if (skb_headlen(skb) < sizeof(struct batman_packet))
...@@ -564,12 +565,19 @@ int recv_bat_packet(struct sk_buff *skb, ...@@ -564,12 +565,19 @@ int recv_bat_packet(struct sk_buff *skb,
if (is_bcast(ethhdr->h_source)) if (is_bcast(ethhdr->h_source))
return NET_RX_DROP; return NET_RX_DROP;
spin_lock_irqsave(&orig_hash_lock, flags);
/* TODO: we use headlen instead of "length", because /* TODO: we use headlen instead of "length", because
* only this data is paged in. */ * only this data is paged in. */
/* TODO: is another skb_copy needed here? there will be
* written on the data, but nobody (?) should further use /* create a copy of the skb, if needed, to modify it. */
* this data */ if (!skb_clone_writable(skb, skb_headlen(skb))) {
skb_old = skb;
skb = skb_copy(skb, GFP_ATOMIC);
if (!skb)
return NET_RX_DROP;
kfree_skb(skb_old);
}
spin_lock_irqsave(&orig_hash_lock, flags);
receive_aggr_bat_packet(ethhdr, receive_aggr_bat_packet(ethhdr,
skb->data, skb->data,
skb_headlen(skb), skb_headlen(skb),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment