redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/drivers
History
holger@eitzenberger.org c5060cec6b asix: fix BUG in receive path when lowering MTU 
There is bug in the receive path of the asix driver at the time a
packet is received larger than MTU size and DF bit set:

 BUG: unable to handle kernel paging request at 0000004000000001
 IP: [<ffffffff8126f65b>] skb_release_head_state+0x2d/0xd2
 ...
 Call Trace:
  <IRQ>
  [<ffffffff8126f86d>] ? skb_release_all+0x9/0x1e
  [<ffffffff8126f8ad>] ? __kfree_skb+0x9/0x6f
  [<ffffffffa00b4200>] ? asix_rx_fixup_internal+0xff/0x1ae [asix]
  [<ffffffffa00fb3dc>] ? usbnet_bh+0x4f/0x226 [usbnet]
  ...

It is easily reproducable by setting an MTU of 512 e. g. and sending
something like

  ping -s 1472 -c 1 -M do $SELF

from another box.

And this is because the rx->ax_skb is freed on error, but rx->ax_skb
is not reset, and the size is not reset to zero in this case.

And since the skb is added again to the usbnet->done skb queue it is
accessing already freed memory, resulting in the BUG when freeing a
2nd time.  I therefore think the value 0x0000004000000001 show in the
trace is more or less random data.

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2013-05-03 16:10:33 -04:00
..
accessibility
acpi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
amba
ata Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
atm atm: he: use mdelay instead of large udelay constants 2013-04-29 13:26:48 -04:00
auxdisplay
base Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-05-01 13:20:04 -07:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
bus
cdrom
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
clk ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
clocksource ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
connector
cpufreq Merge branch 'pm-cpufreq' 2013-04-29 00:08:46 +02:00
cpuidle cpuidle: add maintainer entry 2013-04-26 22:30:25 +02:00
crypto ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
dca
devfreq
dio
dma
edac Merge branch 'linux_next' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac 2013-04-30 10:00:49 -07:00
eisa PCI changes for the v3.10 merge window: 2013-04-29 09:30:25 -07:00
extcon
firewire
firmware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
gpio ARM: arm-soc platform updates for 3.10, part 1 2013-05-02 09:31:45 -07:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2013-04-30 09:37:55 -07:00
hsi
hv Merge branch 'x86-paravirt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-04-30 08:41:21 -07:00
hwmon Highlights: 2013-04-30 15:15:24 -07:00
hwspinlock
i2c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
ide
idle Merge branch 'pm-cpuidle' 2013-04-28 01:54:49 +02:00
iio
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
iommu Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-04-30 08:40:35 -07:00
ipack
irqchip ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
isdn Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
leds
lguest lguest: rename random32() to prandom_u32() 2013-04-29 18:28:43 -07:00
macintosh
mailbox
md MD: ignore discard request for hard disks of hybid raid1/raid10 array 2013-04-30 14:49:36 +10:00
media Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
memory
memstick drivers/memstick/host/r592.c: make r592_pm_ops static 2013-04-30 17:04:08 -07:00
message Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
mfd ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
misc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
mmc ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
mtd ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
net asix: fix BUG in receive path when lowering MTU 2013-05-03 16:10:33 -04:00
nfc
ntb
nubus nubus: Don't use create_proc_read_entry() 2013-04-29 15:41:54 -04:00
of Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
oprofile
parisc
parport
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
pcmcia
pinctrl ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
platform Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
pnp Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
power Highlights: 2013-04-30 15:15:24 -07:00
pps Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
ps3
ptp
pwm
rapidio
regulator Merge remote-tracking branch 'regulator/topic/wm8994' into v3.9-rc8 2013-04-28 02:13:50 +01:00
remoteproc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-04-30 09:36:50 -07:00
rpmsg drivers/rpmsg/virtio_rpmsg_bus.c: fix error return code in rpmsg_probe() 2013-04-29 18:28:13 -07:00
rtc ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
sbus
scsi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
sfi
sh
sn
spi spi: Updates for v3.10 2013-04-29 16:38:41 -07:00
ssb ssb: implement ssb spuravoid for chipid BCM43222 2013-04-26 08:42:22 -04:00
ssbi
staging ARM: arm-soc multiplatform updates for 3.10 2013-05-02 09:38:16 -07:00
target Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
tc
thermal
tty Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
uio
usb ARM: arm-soc cleanup for 3.10 2013-05-02 09:03:55 -07:00
uwb uwb: rename random32() to prandom_u32() 2013-04-29 18:28:43 -07:00
vfio PCI changes for the v3.10 merge window: 2013-04-29 09:30:25 -07:00
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
video Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
virt
virtio
vlynq
vme
w1 drivers/w1/slaves/w1_ds2760.c: fix the error handling in w1_ds2760_add_slave() 2013-04-30 17:04:08 -07:00
watchdog
xen zcache/tmem: Better error checking on frontswap_register_ops return value. 2013-04-30 17:04:01 -07:00
zorro proc: Supply PDE attribute setting accessor functions 2013-05-01 17:29:18 -04:00
Kconfig kconfig menu: move Virtualization drivers near other virtualization options 2013-04-30 17:04:09 -07:00
Makefile USB patches for 3.10-rc1 2013-04-29 12:19:23 -07:00