linux/net
Eric Dumazet 113ab386c7 ip_gre: dont increase dev->needed_headroom on a live device
It seems ip_gre is able to change dev->needed_headroom on the fly.

It is not legal unfortunately and triggers a BUG in raw_sendmsg()

skb = sock_alloc_send_skb(sk, ... + LL_ALLOCATED_SPACE(rt->dst.dev)

< another cpu changes dev->needed_headroom (making it bigger)

...
skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev));

We end with LL_RESERVED_SPACE() being bigger than LL_ALLOCATED_SPACE()
-> we crash later because skb head is exhausted.

Bug introduced in commit 243aad83 in 2.6.34 (ip_gre: include route
header_len in max_headroom calculation)

Reported-by: Elmar Vonlanthen <evonlanthen@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Timo Teräs <timo.teras@iki.fi>
CC: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-10-20 16:20:30 -04:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-09-06 08:17:15 -05:00
802
8021q vlan: reset headers on accel emulation path 2011-08-18 21:29:27 -07:00
appletalk
atm atm: br2684: Fix oops due to skb->dev being NULL 2011-08-20 14:13:05 -07:00
ax25
batman-adv batman-adv: do_bcast has to be true for broadcast packets only 2011-09-22 20:27:10 +02:00
bluetooth bluetooth: Properly clone LSM attributes to newly created child connections 2011-10-18 23:36:43 -04:00
bridge bridge: fix hang on removal of bridge via netlink 2011-10-18 23:24:16 -04:00
caif caif: fix a potential NULL dereference 2011-09-16 17:40:34 -04:00
can can bcm: fix incomplete tx_setup fix 2011-09-29 15:33:47 -04:00
ceph Merge branch 'for-linus' of git://github.com/NewDreamNetwork/ceph-client 2011-09-29 19:58:58 -07:00
core fib_rules: fix unresolved_rules counting 2011-10-19 19:17:41 -04:00
dcb
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
decnet atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
dns_resolver
dsa
econet
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154
ipv4 ip_gre: dont increase dev->needed_headroom on a live device 2011-10-20 16:20:30 -04:00
ipv6 gro: refetch inet6_protos[] after pulling ext headers 2011-10-10 14:26:16 -04:00
ipx
irda IRDA: Fix global type conflicts in net/irda/irsysctl.c v2 2011-09-16 19:17:09 -04:00
iucv atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
key
l2tp l2tp: fix a potential skb leak in l2tp_xmit_skb() 2011-10-18 23:32:00 -04:00
lapb
llc
mac80211 mac80211: fix missing sta_lock in __sta_info_destroy 2011-09-13 14:18:38 -04:00
netfilter Merge branch 'nf' of git://1984.lsi.us.es/net 2011-10-17 19:38:03 -04:00
netlabel net/netlabel/netlabel_kapi.c: add missing cleanup code 2011-08-11 05:52:57 -07:00
netlink
netrom
nfc
packet make PACKET_STATISTICS getsockopt report consistently between ring and non-ring 2011-10-03 14:18:26 -04:00
phonet
rds RDSRDMA: Fix cleanup of rds_iw_mr_pool 2011-09-29 14:57:19 -04:00
rfkill
rose
rxrpc
sched pkt_sched: cls_rsvp.h was outdated 2011-09-15 14:49:43 -04:00
sctp sctp: deal with multiple COOKIE_ECHO chunks 2011-09-16 17:17:22 -04:00
sunrpc net: fix new sunrpc kernel-doc warning 2011-07-28 18:20:21 -07:00
tipc atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
unix
wanrouter
wimax
wireless cfg80211: Fix validation of AKM suites 2011-09-21 15:58:24 -04:00
x25 x25: Prevent skb overreads when checking call user data 2011-10-17 19:31:40 -04:00
xfrm net: check return value for dst_alloc 2011-09-27 15:32:06 -04:00
compat.c
Kconfig
Makefile
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-08-24 19:45:03 -07:00
sysctl_net.c