[PATCH 176/241] net: Fix skb_under_panic oops in neigh_resolve_output
From: Herton Ronaldo Krzesinski
Date: Thu Dec 13 2012 - 09:11:31 EST
3.5.7.2 -stable review patch. If anyone has any objections, please let me know.
------------------
From: "ramesh.nagappa@xxxxxxxxx" <ramesh.nagappa@xxxxxxxxx>
commit e1f165032c8bade3a6bdf546f8faf61fda4dd01c upstream.
The retry loop in neigh_resolve_output() and neigh_connected_output()
call dev_hard_header() with out reseting the skb to network_header.
This causes the retry to fail with skb_under_panic. The fix is to
reset the network_header within the retry loop.
Signed-off-by: Ramesh Nagappa <ramesh.nagappa@xxxxxxxxxxxx>
Reviewed-by: Shawn Lu <shawn.lu@xxxxxxxxxxxx>
Reviewed-by: Robert Coulson <robert.coulson@xxxxxxxxxxxx>
Reviewed-by: Billie Alsup <billie.alsup@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@xxxxxxxxxxxxx>
---
net/core/neighbour.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index d81d026..5c2dac3 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1286,8 +1286,6 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
if (!dst)
goto discard;
- __skb_pull(skb, skb_network_offset(skb));
-
if (!neigh_event_send(neigh, skb)) {
int err;
struct net_device *dev = neigh->dev;
@@ -1297,6 +1295,7 @@ int neigh_resolve_output(struct neighbour *neigh, struct sk_buff *skb)
neigh_hh_init(neigh, dst);
do {
+ __skb_pull(skb, skb_network_offset(skb));
seq = read_seqbegin(&neigh->ha_lock);
err = dev_hard_header(skb, dev, ntohs(skb->protocol),
neigh->ha, NULL, skb->len);
@@ -1327,9 +1326,8 @@ int neigh_connected_output(struct neighbour *neigh, struct sk_buff *skb)
unsigned int seq;
int err;
- __skb_pull(skb, skb_network_offset(skb));
-
do {
+ __skb_pull(skb, skb_network_offset(skb));
seq = read_seqbegin(&neigh->ha_lock);
err = dev_hard_header(skb, dev, ntohs(skb->protocol),
neigh->ha, NULL, skb->len);
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/