Message ID | 20170209131211.GA16072@linux-mips.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Ralf Baechle <ralf@linux-mips.org> Date: Thu, 9 Feb 2017 14:12:11 +0100 > If a USB-to-serial adapter is unplugged, the driver re-initializes, with > dev->hard_header_len and dev->addr_len set to zero, instead of the correct > values. If then a packet is sent through the half-dead interface, the > kernel will panic due to running out of headroom in the skb when pushing > for the AX.25 headers resulting in this panic: > > [<c0595468>] (skb_panic) from [<c0401f70>] (skb_push+0x4c/0x50) > [<c0401f70>] (skb_push) from [<bf0bdad4>] (ax25_hard_header+0x34/0xf4 [ax25]) > [<bf0bdad4>] (ax25_hard_header [ax25]) from [<bf0d05d4>] (ax_header+0x38/0x40 [mkiss]) > [<bf0d05d4>] (ax_header [mkiss]) from [<c041b584>] (neigh_compat_output+0x8c/0xd8) > [<c041b584>] (neigh_compat_output) from [<c043e7a8>] (ip_finish_output+0x2a0/0x914) > [<c043e7a8>] (ip_finish_output) from [<c043f948>] (ip_output+0xd8/0xf0) > [<c043f948>] (ip_output) from [<c043f04c>] (ip_local_out_sk+0x44/0x48) > > This patch makes mkiss behave like the 6pack driver. 6pack does not > panic. In 6pack.c sp_setup() (same function name here) the values for > dev->hard_header_len and dev->addr_len are set to the same values as in > my mkiss patch. > > [ralf@linux-mips.org: Massages original submission to conform to the usual > standards for patch submissions.] > > Signed-off-by: Thomas Osterried <thomas@osterried.de> > Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Applied, thank you.
diff --git a/drivers/net/hamradio/mkiss.c b/drivers/net/hamradio/mkiss.c index 1dfe230..e0a6b1a 100644 --- a/drivers/net/hamradio/mkiss.c +++ b/drivers/net/hamradio/mkiss.c @@ -648,8 +648,8 @@ static void ax_setup(struct net_device *dev) { /* Finish setting up the DEVICE info. */ dev->mtu = AX_MTU; - dev->hard_header_len = 0; - dev->addr_len = 0; + dev->hard_header_len = AX25_MAX_HEADER_LEN; + dev->addr_len = AX25_ADDR_LEN; dev->type = ARPHRD_AX25; dev->tx_queue_len = 10; dev->header_ops = &ax25_header_ops;