iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0de0add10e
linux/drivers/net/usb
History
Kristian Evensen 0de0add10e qmi_wwan: Add missing skb_reset_mac_header-call 
When we receive a packet on a QMI device in raw IP mode, we should call
skb_reset_mac_header() to ensure that skb->mac_header contains a valid
offset in the packet. While it shouldn't really matter, the packets have
no MAC header and the interface is configured as-such, it seems certain
parts of the network stack expects a "good" value in skb->mac_header.

Without the skb_reset_mac_header() call added in this patch, for example
shaping traffic (using tc) triggers the following oops on the first
received packet:

[  303.642957] skbuff: skb_under_panic: text:8f137918 len:177 put:67 head:8e4b0f00 data:8e4b0eff tail:0x8e4b0fb0 end:0x8e4b1520 dev:wwan0
[  303.655045] Kernel bug detected[#1]:
[  303.658622] CPU: 1 PID: 1002 Comm: logd Not tainted 4.9.58 #0
[  303.664339] task: 8fdf05e0 task.stack: 8f15c000
[  303.668844] $ 0   : 00000000 00000001 0000007a 00000000
[  303.674062] $ 4   : 8149a2fc 8149a2fc 8149ce20 00000000
[  303.679284] $ 8   : 00000030 3878303a 31623465 20303235
[  303.684510] $12   : ded731e3 2626a277 00000000 03bd0000
[  303.689747] $16   : 8ef62b40 00000043 8f137918 804db5fc
[  303.694978] $20   : 00000001 00000004 8fc13800 00000003
[  303.700215] $24   : 00000001 8024ab10
[  303.705442] $28   : 8f15c000 8fc19cf0 00000043 802cc920
[  303.710664] Hi    : 00000000
[  303.713533] Lo    : 74e58000
[  303.716436] epc   : 802cc920 skb_panic+0x58/0x5c
[  303.721046] ra    : 802cc920 skb_panic+0x58/0x5c
[  303.725639] Status: 11007c03 KERNEL EXL IE
[  303.729823] Cause : 50800024 (ExcCode 09)
[  303.733817] PrId  : 0001992f (MIPS 1004Kc)
[  303.737892] Modules linked in: rt2800pci rt2800mmio rt2800lib qcserial ppp_async option usb_wwan rt2x00pci rt2x00mmio rt2x00lib rndis_host qmi_wwan ppp_generic nf_nat_pptp nf_conntrack_pptp nf_conntrack_ipv6 mt76x2i
Process logd (pid: 1002, threadinfo=8f15c000, task=8fdf05e0, tls=77b3eee4)
[  303.962509] Stack : 00000000 80408990 8f137918 000000b1 00000043 8e4b0f00 8e4b0eff 8e4b0fb0
[  303.970871]         8e4b1520 8fec1800 00000043 802cd2a4 6e000045 00000043 00000000 8ef62000
[  303.979219]         8eef5d00 8ef62b40 8fea7300 8f137918 00000000 00000000 0002bb01 793e5664
[  303.987568]         8ef08884 00000001 8fea7300 00000002 8fc19e80 8eef5d00 00000006 00000003
[  303.995934]         00000000 8030ba90 00000003 77ab3fd0 8149dc80 8004d1bc 8f15c000 8f383700
[  304.004324]         ...
[  304.006767] Call Trace:
[  304.009241] [<802cc920>] skb_panic+0x58/0x5c
[  304.013504] [<802cd2a4>] skb_push+0x78/0x90
[  304.017783] [<8f137918>] 0x8f137918
[  304.021269] Code: 00602825  0c02a3b4  24842888 <000c000d> 8c870060  8c8200a0  0007382b  00070336  8c88005c
[  304.031034]
[  304.032805] ---[ end trace b778c482b3f0bda9 ]---
[  304.041384] Kernel panic - not syncing: Fatal exception in interrupt
[  304.051975] Rebooting in 3 seconds..

While the oops is for a 4.9-kernel, I was able to trigger the same oops with
net-next as of yesterday.

Fixes: 32f7adf633 ("net: qmi_wwan: support "raw IP" mode")
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-08 16:10:30 +09:00
..
asix_common.c asix: Fix small memory leak in ax88772_unbind() 2017-08-07 10:10:19 -07:00
asix_devices.c net: usb: asix: fill null-ptr-deref in asix_suspend 2017-11-04 22:42:09 +09:00
asix.h asix: Fix small memory leak in ax88772_unbind() 2017-08-07 10:10:19 -07:00
ax88172a.c net: usbnet: support 64bit stats 2017-04-03 19:09:40 -07:00
ax88179_178a.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-30 12:43:08 -04:00
catc.c net: usb: catc: constify usb_device_id and fix space before '[' error 2017-08-08 17:47:58 -07:00
cdc_eem.c
cdc_ether.c net: cdc_ether: fix divide by 0 on bad descriptors 2017-11-08 13:42:01 +09:00
cdc_mbim.c net: cdc_mbim: apply "NDP to end" quirk to HP lt4132 2017-07-03 02:19:36 -07:00
cdc_ncm.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
cdc_subset.c
cdc-phonet.c net: usb: cdc-phonet: constify usb_device_id 2017-08-08 17:47:58 -07:00
ch9200.c net: ch9200: add missing USB-descriptor endianness conversions 2017-05-12 12:15:46 -04:00
cx82310_eth.c cx82310_eth: use skb_cow_head() to deal with cloned skbs 2017-04-21 13:24:05 -04:00
dm9601.c net: usbnet: support 64bit stats 2017-04-03 19:09:40 -07:00
gl620a.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
hso.c net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
huawei_cdc_ncm.c cdc_ncm: Set NTB format again after altsetting switch for Huawei devices 2017-07-14 08:15:05 -07:00
int51x1.c net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
ipheth.c net: usb: ipheth: constify usb_device_id 2017-08-08 17:47:58 -07:00
kalmia.c networking: convert many more places to skb_put_zero() 2017-06-16 11:48:35 -04:00
kaweth.c net: usb: kaweth: constify usb_device_id 2017-08-08 17:47:59 -07:00
Kconfig usb: plusb: Add support for PL-27A1 2017-04-25 10:08:16 -04:00
lan78xx.c lan78xx: Use default values loaded from EEPROM/OTP after reset 2017-09-21 15:22:53 -07:00
lan78xx.h lan78xx: add LAN7801 MAC only support 2016-12-08 14:21:47 -05:00
lg-vl600.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mcs7830.c net: usbnet: support 64bit stats 2017-04-03 19:09:40 -07:00
net1080.c networking: add and use skb_put_u8() 2017-06-16 11:48:40 -04:00
pegasus.c usbnet: pegasus: Use net_device_stats from struct net_device 2017-04-07 07:03:33 -07:00
pegasus.h usbnet: pegasus: Use net_device_stats from struct net_device 2017-04-07 07:03:33 -07:00
plusb.c usb: plusb: Add support for PL-27A1 2017-04-25 10:08:16 -04:00
qmi_wwan.c qmi_wwan: Add missing skb_reset_mac_header-call 2017-11-08 16:10:30 +09:00
r8152.c drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet 2017-10-24 18:31:14 +09:00
rndis_host.c rndis_host: support Novatel Verizon USB730L 2017-10-03 14:30:46 -07:00
rtl8150.c net: usb: rtl8150: constify usb_device_id 2017-08-08 17:47:59 -07:00
sierra_net.c net: usbnet: support 64bit stats 2017-04-03 19:09:40 -07:00
smsc75xx.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-21 20:23:53 -07:00
smsc75xx.h
smsc95xx.c smsc95xx: Configure pause time to 0xffff when tx flow control enabled 2017-09-12 20:36:30 -07:00
smsc95xx.h smsc95xx: Add comments to the registers definition 2017-04-17 13:04:52 -04:00
sr9700.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-21 20:23:53 -07:00
sr9700.h
sr9800.c net: usbnet: support 64bit stats 2017-04-03 19:09:40 -07:00
sr9800.h
usbnet.c net/{mii, smsc}: Make mii_ethtool_get_link_ksettings and smc_netdev_get_ecmd return void 2017-06-05 11:00:42 -04:00
zaurus.c networking: add and use skb_put_u8() 2017-06-16 11:48:40 -04:00