Re: [PATCH] drivers/net/wan/lapbether.c: Fixed kernel panic when used with AF_PACKET sockets

From: David Miller
Date: Mon Jun 01 2020 - 14:37:48 EST


From: Xie He <hexie3605@xxxxxxxxx>
Date: Wed, 27 May 2020 20:21:33 -0700

> When we use "AF_PACKET" sockets to send data directly over LAPB over
> Ethernet using this driver, the kernel will panic because of
> insufficient header space allocated in the "sk_buff" struct.
>
> The header space needs 18 bytes because:
> the lapbether driver will remove a pseudo header of 1 byte;
> the lapb module will prepend the LAPB header of 2 or 3 bytes;
> the lapbether driver will prepend a length field of 2 bytes and the
> Ethernet header of 14 bytes.
>
> So -1 + 3 + 16 = 18.
>
> Signed-off-by: Xie He <hexie3605@xxxxxxxxx>

This is not the real problem.

The real problem is that this is a stacked, layered, device and the
lapbether driver does not take the inner device's header length into
consideration. It should take this from the child device's netdev
structure rather than use constants.

Your test case will still fail when lapbether is stacked on top of a
VLAN device or similar, even with your changes.