>From fd023edd911ef12aca38a72b40241661c202684f Mon Sep 17 00:00:00 2001
From: Ramesh Nagappa <ramesh.naga...@ericsson.com>
Date: Thu, 27 Sep 2012 10:20:58 -0700
Subject: [PATCH] net: fix neigh_resolve_output can cause skb_under_panic
The retry loop in the neigh_resolve_output() and neigh_connected_output() can
add
a hard_header without resetting the skb to network header. This causes the
skb_push() in dev_hard_header() to fail.
Signed-off-by: Ramesh Nagappa <ramesh.naga...@ericsson.com>
Signed-off-by: Shawn Lu <shawn...@ericsson.com>
Reviewed-by: Billie Alsup <billie.al...@ericsson.com>
Reviewed-by: Robert Coulson <robert.coul...@ericsson.com>
---
net/core/neighbour.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 96bb0a3..5a3dfec5 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1327,6 +1327,7 @@ int neigh_resolve_output(struct sk_buff *skb)
do {
seq = read_seqbegin(&neigh->ha_lock);
+ __skb_pull(skb, skb_network_offset(skb));
err = dev_hard_header(skb, dev, ntohs(skb->protocol),
neigh->ha, NULL, skb->len);
} while (read_seqretry(&neigh->ha_lock, seq));
@@ -1358,10 +1359,10 @@ int neigh_connected_output(struct sk_buff *skb)
struct net_device *dev = neigh->dev;
unsigned int seq;
- __skb_pull(skb, skb_network_offset(skb));
do {
seq = read_seqbegin(&neigh->ha_lock);
+ __skb_pull(skb, skb_network_offset(skb));
err = dev_hard_header(skb, dev, ntohs(skb->protocol),
neigh->ha, NULL, skb->len);
} while (read_seqretry(&neigh->ha_lock, seq));
--
1.7.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
