diff options
| author | Sven Eckelmann <sven@narfation.org> | 2019-01-01 00:31:01 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-02-20 12:13:20 +0300 |
| commit | b2942d59a3cd66a5202eedcd41e751c0d0bd6e5e (patch) | |
| tree | b8e911c692c116e96c20ffeb72a98b1ea9925d52 | |
| parent | 8fe161469f1847d14068aec829d77e428cb653d1 (diff) | |
| download | linux-b2942d59a3cd66a5202eedcd41e751c0d0bd6e5e.tar.xz | |
batman-adv: Force mac header to start of data on xmit
commit 9114daa825fc3f335f9bea3313ce667090187280 upstream.
The caller of ndo_start_xmit may not already have called
skb_reset_mac_header. The returned value of skb_mac_header/eth_hdr
therefore can be in the wrong position and even outside the current skbuff.
This for example happens when the user binds to the device using a
PF_PACKET-SOCK_RAW with enabled qdisc-bypass:
int opt = 4;
setsockopt(sock, SOL_PACKET, PACKET_QDISC_BYPASS, &opt, sizeof(opt));
Since eth_hdr is used all over the codebase, the batadv_interface_tx
function must always take care of resetting it.
Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
Reported-by: syzbot+9d7405c7faa390e60b4e@syzkaller.appspotmail.com
Reported-by: syzbot+7d20bc3f1ddddc0f9079@syzkaller.appspotmail.com
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | net/batman-adv/soft-interface.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c index 9f1fe6169bef..5aeb585571ed 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -209,6 +209,8 @@ static int batadv_interface_tx(struct sk_buff *skb, soft_iface->trans_start = jiffies; vid = batadv_get_vid(skb, 0); + + skb_reset_mac_header(skb); ethhdr = eth_hdr(skb); switch (ntohs(ethhdr->h_proto)) { |