aboutsummaryrefslogtreecommitdiffstats
path: root/net/8021q
diff options
context:
space:
mode:
authorEvgeniy Polyakov <johnpol@2ka.mipt.ru>2007-08-25 02:36:29 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-08-26 21:35:47 -0400
commite7c243c925f6d9dcb898504ff24d6650b5cbb3b1 (patch)
treef06ae59e206e4876b0326c65811f496a8b1f4bdc /net/8021q
parent7c8347a91dbbb723d8ed106ec817dabac97f2bbc (diff)
[VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt"
I tried to preserve bridging code as it was before, but logic is quite strange - I think we should free skb on error, since it is already unshared and thus will just leak. Herbert Xu states: > + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) > + goto out; If this happens it'll be a double-free on skb since we'll return NF_DROP which makes the caller free it too. We could return NF_STOLEN to prevent that but I'm not sure whether that's correct netfilter semantics. Patrick, could you please make a call on this? Patrick McHardy states: NF_STOLEN should work fine here. Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/8021q')
-rw-r--r--net/8021q/vlan_dev.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 4bab322c9f8f..328759c32d61 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -116,12 +116,22 @@ int vlan_skb_recv(struct sk_buff *skb, struct net_device *dev,
116 struct packet_type* ptype, struct net_device *orig_dev) 116 struct packet_type* ptype, struct net_device *orig_dev)
117{ 117{
118 unsigned char *rawp = NULL; 118 unsigned char *rawp = NULL;
119 struct vlan_hdr *vhdr = (struct vlan_hdr *)(skb->data); 119 struct vlan_hdr *vhdr;
120 unsigned short vid; 120 unsigned short vid;
121 struct net_device_stats *stats; 121 struct net_device_stats *stats;
122 unsigned short vlan_TCI; 122 unsigned short vlan_TCI;
123 __be16 proto; 123 __be16 proto;
124 124
125 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
126 return -1;
127
128 if (unlikely(!pskb_may_pull(skb, VLAN_HLEN))) {
129 kfree_skb(skb);
130 return -1;
131 }
132
133 vhdr = (struct vlan_hdr *)(skb->data);
134
125 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */ 135 /* vlan_TCI = ntohs(get_unaligned(&vhdr->h_vlan_TCI)); */
126 vlan_TCI = ntohs(vhdr->h_vlan_TCI); 136 vlan_TCI = ntohs(vhdr->h_vlan_TCI);
127 137