From patchwork Wed Jul 1 13:01:11 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander A Sverdlin X-Patchwork-Id: 490133 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id A56DB1402AD for ; Wed, 1 Jul 2015 23:02:10 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751651AbbGANCG (ORCPT ); Wed, 1 Jul 2015 09:02:06 -0400 Received: from demumfd001.nsn-inter.net ([93.183.12.32]:60292 "EHLO demumfd001.nsn-inter.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751003AbbGANCD (ORCPT ); Wed, 1 Jul 2015 09:02:03 -0400 Received: from demuprx017.emea.nsn-intra.net ([10.150.129.56]) by demumfd001.nsn-inter.net (8.15.1/8.15.1) with ESMTPS id t61D1FQw001882 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 1 Jul 2015 13:01:15 GMT Received: from [10.151.39.165] ([10.151.39.165]) by demuprx017.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id t61D1Drn024468; Wed, 1 Jul 2015 15:01:13 +0200 To: netdev@vger.kernel.org, David Miller , Matt Porter Cc: Alexandre Bounine , Frank Kunz , Marek Krzyzowski From: Alexander Sverdlin Subject: [PATCH] rionet: Don't try to corrupt skbuff assigning data pointer directly Message-ID: <5593E497.40804@nokia.com> Date: Wed, 1 Jul 2015 15:01:11 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1 MIME-Version: 1.0 X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: clean X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate-size: 1311 X-purgate-ID: 151667::1435755678-000058F0-860886AE/0/0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org It's not allowed to assign data pointer of skbuff directly, this makes no sense if the assigned pointer is the very same as already existing one, or it brakes all the pointer arithmetics in all other cases. We cannot do better as just compare them and report BUG() in case of mismatch. Signed-off-by: Alexander Sverdlin --- We came across this problem developing new code for Octeon2 RAPIDIO. For the last 10 years since original commit of the code this assignment did nothing as the pointers were always same. But the bug in the new code discovered this one. So better do BUG() immediately here, this would prevent longer debugging of the following skbuff corruption. drivers/net/rionet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c index dac7a0d..34c27b8 100644 --- a/drivers/net/rionet.c +++ b/drivers/net/rionet.c @@ -104,7 +104,8 @@ static int rionet_rx_clean(struct net_device *ndev) if (!(data = rio_get_inb_message(rnet->mport, RIONET_MAILBOX))) break; - rnet->rx_skb[i]->data = data; + if (rnet->rx_skb[i]->data != data) + BUG(); skb_put(rnet->rx_skb[i], RIO_MAX_MSG_SIZE); rnet->rx_skb[i]->protocol = eth_type_trans(rnet->rx_skb[i], ndev);