This is a note to let you know that I've just added the patch titled

    nl80211: clear skb cb before passing to netlink

to the 3.16-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nl80211-clear-skb-cb-before-passing-to-netlink.patch
and it can be found in the queue-3.16 subdirectory.

If you, or anyone else, feel it should not be added to the stable tree,
please let <[email protected]> know about it.


From bd8c78e78d5011d8111bc2533ee73b13a3bd6c42 Mon Sep 17 00:00:00 2001
From: Johannes Berg <[email protected]>
Date: Wed, 30 Jul 2014 14:55:26 +0200
Subject: nl80211: clear skb cb before passing to netlink

From: Johannes Berg <[email protected]>

commit bd8c78e78d5011d8111bc2533ee73b13a3bd6c42 upstream.

In testmode and vendor command reply/event SKBs we use the
skb cb data to store nl80211 parameters between allocation
and sending. This causes the code for CONFIG_NETLINK_MMAP
to get confused, because it takes ownership of the skb cb
data when the SKB is handed off to netlink, and it doesn't
explicitly clear it.

Clear the skb cb explicitly when we're done and before it
gets passed to netlink to avoid this issue.

Reported-by: Assaf Azulay <[email protected]>
Reported-by: David Spinadel <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 net/wireless/nl80211.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -6978,6 +6978,9 @@ void __cfg80211_send_event_skb(struct sk
        struct nlattr *data = ((void **)skb->cb)[2];
        enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
 
+       /* clear CB data for netlink core to own from now on */
+       memset(skb->cb, 0, sizeof(skb->cb));
+
        nla_nest_end(skb, data);
        genlmsg_end(skb, hdr);
 
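Review bot: the added memset must stay below every read of skb->cb, and the hunk only shows one of those reads (`struct nlattr *data = ((void **)skb->cb)[2];` on the line above it); `hdr`, which `genlmsg_end(skb, hdr)` uses a few lines later, is pulled out of cb outside the visible context. Anyone adding a further cb slot to this function later has to read it above this point or get zeros, so the comment would be stronger if it said that the locals above are the only surviving copies of the nl80211 state. Clearing the full `sizeof(skb->cb)` rather than just the three pointer slots is the right width, since netlink's own per-skb state overlays the same bytes.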
@@ -9300,6 +9303,9 @@ int cfg80211_vendor_cmd_reply(struct sk_
        void *hdr = ((void **)skb->cb)[1];
        struct nlattr *data = ((void **)skb->cb)[2];
 
+       /* clear CB data for netlink core to own from now on */
+       memset(skb->cb, 0, sizeof(skb->cb));
+
        if (WARN_ON(!rdev->cur_cmd_info)) {
                kfree_skb(skb);
                return -EINVAL;

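The ownership hand-off the commit message describes, modelled as a small stand-alone user-space C program. This is an added example, not kernel code and not part of the patch: `struct skb`, `struct producer_cb`, `struct consumer_cb`, `producer_alloc`, `consumer_take`, `producer_send` and `run_cycle` are hypothetical stand-ins for sk_buff, nl80211's three cb pointer slots, and the netlink core's view of the same bytes. It shows why two unrelated layouts overlaying one 48-byte control block go wrong when the first owner does not clear it, and why the reads into locals must come before the memset.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* sizeof(skb->cb) in the kernel's struct sk_buff is 48 bytes. */
#define CB_SIZE 48

/* Minimal stand-in for struct sk_buff: only the control block matters here. */
struct skb {
    char cb[CB_SIZE];
};

/* Hypothetical view of cb as the producer (nl80211) uses it: three pointer
 * slots stored between allocation and send, like the ((void **)skb->cb)[1]
 * and [2] reads in the patch. */
struct producer_cb {
    void *rdev;
    void *hdr;
    void *data;
};

/* Hypothetical view of the same bytes as the consumer (netlink core)
 * expects them once it owns the skb: it assumes a fresh skb has an
 * all-zero cb. */
struct consumer_cb {
    uint32_t portid;
    uint32_t flags;
};

_Static_assert(sizeof(struct producer_cb) <= CB_SIZE, "producer state must fit in cb");
_Static_assert(sizeof(struct consumer_cb) <= CB_SIZE, "consumer state must fit in cb");

/* Allocation side: stash the parameters the send path will need. */
static void producer_alloc(struct skb *skb, void *rdev, void *hdr, void *data)
{
    struct producer_cb *p = (struct producer_cb *)skb->cb;
    p->rdev = rdev;
    p->hdr = hdr;
    p->data = data;
}

/* Consumer side: takes ownership of cb. Returns 1 if it found leftover
 * state where it expected zeros (the confusion the patch avoids), else 0. */
static int consumer_take(struct skb *skb, uint32_t portid)
{
    struct consumer_cb *c = (struct consumer_cb *)skb->cb;
    int stale = (c->portid != 0) || (c->flags != 0);
    c->portid = portid;
    c->flags = 0;
    return stale;
}

/* Send side, mirroring the patched functions: read every slot out of cb
 * into locals first, then (if clear_cb) wipe cb, then hand the skb off. */
static int producer_send(struct skb *skb, int clear_cb)
{
    struct producer_cb *p = (struct producer_cb *)skb->cb;
    void *hdr = p->hdr;
    void *data = p->data;

    if (clear_cb)
        memset(skb->cb, 0, sizeof(skb->cb));   /* the line the patch adds */

    /* From here on only the locals are valid; p must not be touched. */
    (void)hdr;
    (void)data;
    return consumer_take(skb, 1234);
}

/* Runs one alloc/send cycle and reports whether the consumer saw stale cb
 * (1) or a clean one (0). */
int run_cycle(int clear_cb)
{
    static int fake_rdev, fake_hdr, fake_data; /* only their nonzero addresses matter */
    struct skb skb;

    memset(&skb, 0, sizeof(skb));              /* a freshly allocated skb has a zeroed cb */
    producer_alloc(&skb, &fake_rdev, &fake_hdr, &fake_data);
    return producer_send(&skb, clear_cb);
}

int main(void)
{
    printf("without clear: consumer saw stale cb = %d\n", run_cycle(0));
    printf("with clear:    consumer saw stale cb = %d\n", run_cycle(1));
    return 0;
}
```

Without the clear, the consumer reads the first eight bytes of the stored `rdev` pointer as its `portid` and `flags` and finds them nonzero; with the clear it sees the zeroed cb it expects. The one rule the model enforces is the same one the patch relies on: nothing reads through the producer's view of cb after the memset.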

Patches currently in stable-queue which might be from [email protected] 
are

queue-3.16/iwlwifi-mvm-treat-eapols-like-mgmt-frames-wrt-rate.patch
queue-3.16/iwlwifi-mvm-set-mac_filter_in_beacon-correctly-for-sta-p2p-client.patch
queue-3.16/iwlwifi-mvm-fix-endianity-issues-with-smart-fifo-commands.patch
queue-3.16/regulatory-add-nul-to-alpha2.patch
queue-3.16/nl80211-clear-skb-cb-before-passing-to-netlink.patch
queue-3.16/revert-mac80211-disable-uapsd-if-all-acs-are-under-acm.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
