Re: [PATCH] NET: Fix possible corruption in bpqether driver
From: David Miller <davem@davemloft.net>
Date: 2009-09-03 06:10:33
Also in:
linux-hams
From: David Miller <davem@davemloft.net>
Date: 2009-09-03 06:10:33
Also in:
linux-hams
From: Ralf Baechle <redacted> Date: Wed, 2 Sep 2009 09:58:52 +0100
The bpq ether driver is modifying the data art of the skb by first dropping the KISS byte (a command byte for the radio) then prepending the length + 4 of the remaining AX.25 packet to be transmitted as a little endian 16-bit number. If the high byte of the length has a different value than the dropped KISS byte users of clones of the skb may observe this as corruption. This was observed with by running listen(8) -a which uses a packet socket which clones transmit packets. The corruption will then typically be displayed for as a KISS "TX Delay" command for AX.25 packets in the range of 252..508 bytes or any other KISS command for yet larger packets. Fixed by using skb_cow to create a private copy should the skb be cloned. Using skb_cow also allows us to cleanup the old logic to ensure sufficient headroom in the skb. While at it, replace a return of 0 from bpq_xmit with the proper constant NETDEV_TX_OK which is now being used everywhere else in this function. Affected: all 2.2, 2.4 and 2.6 kernels. Signed-off-by: Ralf Baechle <redacted> Reported-by: Jann Traschewski <redacted>
Applied to net-next-2.6, thanks!