| Message ID | 1612358476-19556-2-git-send-email-loic.poulain@linaro.org (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net-next,v3,1/2] net: mhi-net: Add de-aggeration support | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for net-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | success | CCed 5 of 5 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 8 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
| netdev/header_inline | success | Link |
| netdev/stable | success | Stable not CCed |
On Wed, Feb 3, 2021 at 8:17 AM Loic Poulain <loic.poulain@linaro.org> wrote: > > There is no guarantee that rmnet rx_handler is only fed with linear > skbs, but current rmnet implementation does not check that, leading > to crash in case of non linear skbs processed as linear ones. > > Fix that by ensuring skb linearization before processing. > > Signed-off-by: Loic Poulain <loic.poulain@linaro.org> > Acked-by: Willem de Bruijn <willemb@google.com> > Reviewed-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> > --- > v2: Add this patch to the series to prevent crash > v3: no change > > drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c > index 3d7d3ab..2776c32 100644 > --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c > +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c > @@ -180,7 +180,7 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb) > struct rmnet_port *port; > struct net_device *dev; > > - if (!skb) > + if (!skb || skb_linearize(skb)) > goto done; Actually, if skb_linearize fails, the skb must be freed.
On Wed, 3 Feb 2021 at 15:04, Willem de Bruijn <willemdebruijn.kernel@gmail.com> wrote: > > On Wed, Feb 3, 2021 at 8:17 AM Loic Poulain <loic.poulain@linaro.org> wrote: > > > > There is no guarantee that rmnet rx_handler is only fed with linear > > skbs, but current rmnet implementation does not check that, leading > > to crash in case of non linear skbs processed as linear ones. > > > > Fix that by ensuring skb linearization before processing. > > > > Signed-off-by: Loic Poulain <loic.poulain@linaro.org> > > Acked-by: Willem de Bruijn <willemb@google.com> > > Reviewed-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> > > --- > > v2: Add this patch to the series to prevent crash > > v3: no change > > > > drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c > > index 3d7d3ab..2776c32 100644 > > --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c > > +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c > > @@ -180,7 +180,7 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb) > > struct rmnet_port *port; > > struct net_device *dev; > > > > - if (!skb) > > + if (!skb || skb_linearize(skb)) > > goto done; > > Actually, if skb_linearize fails, the skb must be freed. Ouch, you're right. Regards, Loic
diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c index 3d7d3ab..2776c32 100644 --- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c +++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c @@ -180,7 +180,7 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb) struct rmnet_port *port; struct net_device *dev; - if (!skb) + if (!skb || skb_linearize(skb)) goto done; if (skb->pkt_type == PACKET_LOOPBACK)