Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
batman-adv: Merge bugfixes from 2018.4
* Use explicit tvlv padding for ELP packets * Expand merged fragment buffer for full packet Signed-off-by: Sven Eckelmann <sven@narfation.org>
- Loading branch information
Showing
3 changed files
with
100 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
55 changes: 55 additions & 0 deletions
55
batman-adv/patches/0022-batman-adv-Use-explicit-tvlv-padding-for-ELP-packets.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
From: Sven Eckelmann <sven@narfation.org> | ||
Date: Tue, 30 Oct 2018 12:17:10 +0100 | ||
Subject: [PATCH] batman-adv: Use explicit tvlv padding for ELP packets | ||
|
||
The announcement messages of batman-adv COMPAT_VERSION 15 have the | ||
possibility to announce additional information via a dynamic TVLV part. | ||
This part is optional for the ELP packets and currently not parsed by the | ||
Linux implementation. Still out-of-tree versions are using it to transport | ||
things like neighbor hashes to optimize the rebroadcast behavior. | ||
|
||
Since the ELP broadcast packets are smaller than the minimal ethernet | ||
packet, it often has to be padded. This is often done (as specified in | ||
RFC894) with octets of zero and thus work perfectly fine with the TVLV | ||
part (making it a zero length and thus empty). But not all ethernet | ||
compatible hardware seems to follow this advice. To avoid ambiguous | ||
situations when parsing the TVLV header, just force the 4 bytes (TVLV | ||
length + padding) after the required ELP header to zero. | ||
|
||
Fixes: a4b88af77e28 ("batman-adv: ELP - adding basic infrastructure") | ||
Reported-by: Linus Lüssing <linus.luessing@c0d3.blue> | ||
Signed-off-by: Sven Eckelmann <sven@narfation.org> | ||
|
||
Origin: upstream, https://git.open-mesh.org/batman-adv.git/commit/974337ee9773c4bd0a2d5c322306cf2bea445e11 | ||
--- | ||
net/batman-adv/bat_v_elp.c | 6 ++++-- | ||
1 file changed, 4 insertions(+), 2 deletions(-) | ||
|
||
diff --git a/net/batman-adv/bat_v_elp.c b/net/batman-adv/bat_v_elp.c | ||
index 83b46654449df72ceda6ca3177f72e7faf0603ab..9aa3c7b2e9bad6c50b2939b6dbf5a9a2e713b93b 100644 | ||
--- a/net/batman-adv/bat_v_elp.c | ||
+++ b/net/batman-adv/bat_v_elp.c | ||
@@ -339,19 +339,21 @@ static void batadv_v_elp_periodic_work(struct work_struct *work) | ||
*/ | ||
int batadv_v_elp_iface_enable(struct batadv_hard_iface *hard_iface) | ||
{ | ||
+ static const size_t tvlv_padding = sizeof(__be32); | ||
struct batadv_elp_packet *elp_packet; | ||
unsigned char *elp_buff; | ||
u32 random_seqno; | ||
size_t size; | ||
int res = -ENOMEM; | ||
|
||
- size = ETH_HLEN + NET_IP_ALIGN + BATADV_ELP_HLEN; | ||
+ size = ETH_HLEN + NET_IP_ALIGN + BATADV_ELP_HLEN + tvlv_padding; | ||
hard_iface->bat_v.elp_skb = dev_alloc_skb(size); | ||
if (!hard_iface->bat_v.elp_skb) | ||
goto out; | ||
|
||
skb_reserve(hard_iface->bat_v.elp_skb, ETH_HLEN + NET_IP_ALIGN); | ||
- elp_buff = skb_put_zero(hard_iface->bat_v.elp_skb, BATADV_ELP_HLEN); | ||
+ elp_buff = skb_put_zero(hard_iface->bat_v.elp_skb, | ||
+ BATADV_ELP_HLEN + tvlv_padding); | ||
elp_packet = (struct batadv_elp_packet *)elp_buff; | ||
|
||
elp_packet->packet_type = BATADV_ELP; |
44 changes: 44 additions & 0 deletions
44
batman-adv/patches/0023-batman-adv-Expand-merged-fragment-buffer-for-full-pa.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
From: Sven Eckelmann <sven@narfation.org> | ||
Date: Wed, 7 Nov 2018 23:09:12 +0100 | ||
Subject: [PATCH] batman-adv: Expand merged fragment buffer for full packet | ||
|
||
The complete size ("total_size") of the fragmented packet is stored in the | ||
fragment header and in the size of the fragment chain. When the fragments | ||
are ready for merge, the skbuff's tail of the first fragment is expanded to | ||
have enough room after the data pointer for at least total_size. This means | ||
that it gets expanded by total_size - first_skb->len. | ||
|
||
But this is ignoring the fact that after expanding the buffer, the fragment | ||
header is pulled by from this buffer. Assuming that the tailroom of the | ||
buffer was already 0, the buffer after the data pointer of the skbuff is | ||
now only total_size - len(fragment_header) large. When the merge function | ||
is then processing the remaining fragments, the code to copy the data over | ||
to the merged skbuff will cause an skb_over_panic when it tries to actually | ||
put enough data to fill the total_size bytes of the packet. | ||
|
||
The size of the skb_pull must therefore also be taken into account when the | ||
buffer's tailroom is expanded. | ||
|
||
Fixes: 9b3eab61754d ("batman-adv: Receive fragmented packets and merge") | ||
Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net> | ||
Co-authored-by: Linus Lüssing <linus.luessing@c0d3.blue> | ||
Signed-off-by: Sven Eckelmann <sven@narfation.org> | ||
|
||
Origin: other, https://patchwork.open-mesh.org/patch/17616/ | ||
--- | ||
net/batman-adv/fragmentation.c | 2 +- | ||
1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
||
diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c | ||
index 0fddc17106bd8a0e3f064fee9adba7c226f34682..5b71a289d04fc80de6c20e7a24d621727c77825a 100644 | ||
--- a/net/batman-adv/fragmentation.c | ||
+++ b/net/batman-adv/fragmentation.c | ||
@@ -275,7 +275,7 @@ batadv_frag_merge_packets(struct hlist_head *chain) | ||
kfree(entry); | ||
|
||
packet = (struct batadv_frag_packet *)skb_out->data; | ||
- size = ntohs(packet->total_size); | ||
+ size = ntohs(packet->total_size) + hdr_size; | ||
|
||
/* Make room for the rest of the fragments. */ | ||
if (pskb_expand_head(skb_out, 0, size - skb_out->len, GFP_ATOMIC) < 0) { |