Hi,

The via-rhine driver in 4.2.x kernels doesn’t correctly parse the VLAN ID on
receive. The bug was introduced in commit 810f19bcb862f8889b27e0c9d9eceac9593925dd.
All 4.2.x kernels are affected. 4.1.x and older kernels are not affected.

During code refactoring, the sequence of calls changed, which introduced a
regression. The original sequence was:
 1) Read TCI from skb->data
 2) Determine eth protocol using eth_type_trans (which calls skb_pull_inline)
 3) Write TCI to skb->vlan_tci

After the change, the sequence is:
 1) Determine protocol using eth_type_trans (which calls skb_pull_inline)
 2) Read TCI from skb->data
 3) Write TCI to skb->vlan_tci

Because eth_type_trans consumes an Ethernet header's worth of bytes, a call to
read the TCI from the packet no longer works as expected, as it’s reading from
an invalid offset.

Choosing between changing rhine_get_vlan_tci(), which retrieves TCI from 
skb->data, or moving eth_type_trans() invocation after rhine_rx_vlan_tag(), I 
chose the latter.


Andrej.


--- linux-4.2.2.orig/drivers/net/ethernet/via/via-rhine.c       2015-10-03 
15:46:59.817000000 +0200
+++ linux-4.2.2/drivers/net/ethernet/via/via-rhine.c    2015-10-03 
18:53:51.799000000 +0200
@@ -2134,10 +2134,11 @@
                        }
 
                        skb_put(skb, pkt_len);
-                       skb->protocol = eth_type_trans(skb, dev);
 
                        rhine_rx_vlan_tag(skb, desc, data_size);
 
+                       skb->protocol = eth_type_trans(skb, dev);
+
                        netif_receive_skb(skb);
 
                        u64_stats_update_begin(&rp->rx_stats.syncp);
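
Review bot: the order of the rhine_rx_vlan_tag(skb, desc, data_size) call and the re-added eth_type_trans() line is now what keeps the TCI read correct, but nothing at that call site says so. Add a one-line comment above rhine_rx_vlan_tag() stating that it must run before eth_type_trans() because it reads from skb->data while the Ethernet header has not yet been pulled, so a later cleanup does not swap the two lines again. The posting also carries no Signed-off-by line, and a Fixes: tag naming 810f19bcb862f8889b27e0c9d9eceac9593925dd would tie the fix to the commit the description blames.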

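The ordering problem described in the message, as an added user-space model that is not part of the original post or of the driver: `toy_skb`, `toy_eth_type_trans`, `toy_get_vlan_tci`, `rx_tci` and the constructed frame are hypothetical stand-ins, and the trailer offset used for the TCI is an assumption of the model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ETH_HLEN 14 /* bytes consumed when the Ethernet header is pulled */

/* Toy stand-in for struct sk_buff: only the data pointer and length. */
struct toy_skb { uint8_t *data; size_t len; };

/* Models eth_type_trans(): returns the EtherType and, as a side effect,
 * advances skb->data past the Ethernet header (the skb_pull_inline step). */
static uint16_t toy_eth_type_trans(struct toy_skb *skb)
{
    uint16_t proto = (uint16_t)(skb->data[12] << 8 | skb->data[13]);
    skb->data += ETH_HLEN;
    skb->len -= ETH_HLEN;
    return proto;
}

/* Models a TCI read at an offset computed from skb->data. Assumed layout:
 * the tag sits in a trailer after the 4-byte-aligned frame data. */
static size_t tci_offset(size_t data_size)
{
    return ((data_size + 3) & ~(size_t)3) + 2;
}

static uint16_t toy_get_vlan_tci(const struct toy_skb *skb, size_t data_size)
{
    const uint8_t *t = skb->data + tci_offset(data_size);
    return (uint16_t)(t[0] << 8 | t[1]);
}

/* fixed_order != 0: read TCI, then pull (original sequence and the patch).
 * fixed_order == 0: pull, then read TCI (the regressed sequence). */
uint16_t rx_tci(int fixed_order)
{
    uint8_t buf[96];
    size_t data_size = 60; /* constructed frame length */
    struct toy_skb skb = { buf, data_size };
    uint16_t tci;

    memset(buf, 0xEE, sizeof(buf));      /* filler beyond the trailer */
    memset(buf, 0, data_size);           /* constructed frame body */
    buf[12] = 0x08; buf[13] = 0x00;      /* EtherType */
    buf[tci_offset(data_size) + 1] = 0x64; buf[tci_offset(data_size)] = 0x00; /* TCI: VLAN 100 */

    if (!fixed_order)
        (void)toy_eth_type_trans(&skb);  /* header pulled before the read */
    tci = toy_get_vlan_tci(&skb, data_size);
    if (fixed_order)
        (void)toy_eth_type_trans(&skb);  /* header pulled after the read */
    return tci;
}
```

In the regressed order the read lands ETH_HLEN bytes past the trailer and returns filler instead of the tag.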