diff options
author | Sven Eckelmann <sven.eckelmann@gmx.de> | 2010-05-07 23:47:07 +0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-05-12 00:42:38 +0400 |
commit | f347b8736f176681fbfc666bf00165125a3274a5 (patch) | |
tree | 1aca9e9ddf9b3b32843b2e06815b9f35cd2a04cd /drivers/staging/batman-adv | |
parent | adaaa0c6ab89e82684389b80002bce893179cf2c (diff) | |
download | linux-f347b8736f176681fbfc666bf00165125a3274a5.tar.xz |
Staging: batman-adv: Clone shared bat packets before modifying them
"tcpdump" and "batctl td" will receive packets with a wrong sequence
number on systems with a different endianess than network byte order.
This happens due to the reordering of bytes in the function which
handles aggregated bat packets. The function which receives the bat
packets must ensure that these buffers aren't shared with anything else
before that function tries to write into it. Otherwise it has to copy
the buffers so it is save again to change them.
Reported-by: Kevin Steen <batman@kevinsteen.net>
Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/staging/batman-adv')
-rw-r--r-- | drivers/staging/batman-adv/routing.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/drivers/staging/batman-adv/routing.c b/drivers/staging/batman-adv/routing.c index d89048beebe1..39dd093d7f2d 100644 --- a/drivers/staging/batman-adv/routing.c +++ b/drivers/staging/batman-adv/routing.c @@ -549,6 +549,7 @@ int recv_bat_packet(struct sk_buff *skb, { struct ethhdr *ethhdr; unsigned long flags; + struct sk_buff *skb_old; /* drop packet if it has not necessary minimum size */ if (skb_headlen(skb) < sizeof(struct batman_packet)) @@ -564,12 +565,19 @@ int recv_bat_packet(struct sk_buff *skb, if (is_bcast(ethhdr->h_source)) return NET_RX_DROP; - spin_lock_irqsave(&orig_hash_lock, flags); /* TODO: we use headlen instead of "length", because * only this data is paged in. */ - /* TODO: is another skb_copy needed here? there will be - * written on the data, but nobody (?) should further use - * this data */ + + /* create a copy of the skb, if needed, to modify it. */ + if (!skb_clone_writable(skb, skb_headlen(skb))) { + skb_old = skb; + skb = skb_copy(skb, GFP_ATOMIC); + if (!skb) + return NET_RX_DROP; + kfree_skb(skb_old); + } + + spin_lock_irqsave(&orig_hash_lock, flags); receive_aggr_bat_packet(ethhdr, skb->data, skb_headlen(skb), |