mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 22:02:02 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Paolo Abeni 19cdead3e2 bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal 
On slave list updates, the bonding driver computes its hard_header_len
as the maximum of all enslaved devices's hard_header_len.
If the slave list is empty, e.g. on last enslaved device removal,
ETH_HLEN is used.

Since the bonding header_ops are set only when the first enslaved
device is attached, the above can lead to header_ops->create()
being called with the wrong skb headroom in place.

If bond0 is configured on top of ipoib devices, with the
following commands:

ifup bond0
for slave in $BOND_SLAVES_LIST; do
	ip link set dev $slave nomaster
done
ping -c 1 <ip on bond0 subnet>

we will obtain a skb_under_panic() with a similar call trace:
	skb_push+0x3d/0x40
	push_pseudo_header+0x17/0x30 [ib_ipoib]
	ipoib_hard_header+0x4e/0x80 [ib_ipoib]
	arp_create+0x12f/0x220
	arp_send_dst.part.19+0x28/0x50
	arp_solicit+0x115/0x290
	neigh_probe+0x4d/0x70
	__neigh_event_send+0xa7/0x230
	neigh_resolve_output+0x12e/0x1c0
	ip_finish_output2+0x14b/0x390
	ip_finish_output+0x136/0x1e0
	ip_output+0x76/0xe0
	ip_local_out+0x35/0x40
	ip_send_skb+0x19/0x40
	ip_push_pending_frames+0x33/0x40
	raw_sendmsg+0x7d3/0xb50
	inet_sendmsg+0x31/0xb0
	sock_sendmsg+0x38/0x50
	SYSC_sendto+0x102/0x190
	SyS_sendto+0xe/0x10
	do_syscall_64+0x67/0x180
	entry_SYSCALL64_slow_path+0x25/0x25

This change addresses the issue avoiding updating the bonding device
hard_header_len when the slaves list become empty, forbidding to
shrink it below the value used by header_ops->create().

The bug is there since commit 54ef313714 ("[PATCH] bonding: Handle large
hard_header_len") but the panic can be triggered only since
commit fc791b6335 ("IB/ipoib: move back IB LL address into the hard
header").

Reported-by: Norbert P <noe@physik.uzh.ch>
Fixes: 54ef313714 ("[PATCH] bonding: Handle large hard_header_len")
Fixes: fc791b6335 ("IB/ipoib: move back IB LL address into the hard header")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-28 16:04:05 -04:00
..
accessibility
acpi ACPI / power: Avoid maybe-uninitialized warning 2017-04-19 22:46:10 +02:00
amba
android
ata sata_via: Enable hotplug only on VT6421 2017-04-11 09:12:18 +09:00
atm
auxdisplay
base
bcma
block mtip32xx: pass BLK_MQ_F_NO_SCHED 2017-04-19 14:15:45 -06:00
bluetooth Bluetooth: btqcomsmd: fix compile-test dependency 2017-03-22 19:22:04 -07:00
bus
cdrom
char Fixes /dev/mem to read back zeros for System RAM areas in the 1MB exception 2017-04-14 08:57:20 -07:00
clk Allwinner clock fixes for 4.11 2017-04-17 11:04:12 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-02 09:22:03 -07:00
connector
cpufreq cpufreq: Bring CPUs up even if cpufreq_online() failed 2017-04-13 03:38:44 +02:00
cpuidle cpuidle: powernv: Pass correct drv->cpumask for registration 2017-03-29 22:55:36 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-04-10 09:37:43 -07:00
dax device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation 2017-04-12 13:45:18 -07:00
dca
devfreq
dio
dma
dma-buf
edac EDAC, pnd2_edac: Fix reported DIMM number 2017-03-26 09:36:28 +02:00
eisa
extcon extcon: int3496: Set the id pin to direction-input if necessary 2017-03-22 18:29:48 +09:00
firewire
firmware efi/libstub: Skip GOP with PIXEL_BLT_ONLY format 2017-04-05 09:20:18 +02:00
fmc
fpga
fsi
gpio ACPI / gpio: do not fall back to parsing _CRS when we get a deferral 2017-03-30 11:08:46 +02:00
gpu Merge branch 'linux-4.11' of git://github.com/skeggsb/linux into drm-fixes 2017-04-13 09:56:05 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2017-04-20 12:26:10 -07:00
hsi
hv
hwmon hwmon: (asus_atk0110) fix uninitialized data access 2017-03-23 12:01:57 -07:00
hwspinlock
hwtracing
i2c i2c: mux: pca954x: Add missing pca9546 definition to chip_desc 2017-03-24 12:22:18 +01:00
ide
idle
iio iio: hid-sensor-attributes: Fix sensor property setting failure. 2017-04-02 11:44:03 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-04-21 09:13:43 -07:00
iommu Merge branch 'for-joerg/arm-smmu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux into iommu/fixes 2017-03-22 23:59:56 +01:00
ipack
irqchip irqchip/irq-imx-gpcv2: Fix spinlock initialization 2017-04-14 10:55:05 +02:00
isdn isdn: kcapi: avoid uninitialized data 2017-03-28 17:59:33 -07:00
leds
lguest
lightnvm
macintosh
mailbox
mcb
md Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-04-08 11:56:58 -07:00
media media fixes for v4.11-rc4 2017-03-24 13:34:16 -07:00
memory
memstick
message
mfd
misc Char/Misc driver fixes for 4.11-rc4 2017-03-26 11:15:54 -07:00
mmc mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card 2017-04-20 14:41:05 +02:00
mtd ubi/upd: Always flush after prepared for an update 2017-03-30 09:27:11 +02:00
net bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal 2017-04-28 16:04:05 -04:00
nfc
ntb
nubus
nvdimm libnvdimm: band aid btt vs clear poison locking 2017-04-10 17:21:45 -07:00
nvme nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" 2017-04-20 14:42:10 -06:00
nvmem
of
oprofile
parisc
parport
pci PCI: hisi: Fix DT binding (hisi-pcie-almost-ecam) 2017-04-12 10:46:47 -05:00
pcmcia
perf
phy
pinctrl pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again 2017-04-11 10:09:39 +02:00
platform
pnp
power
powercap
pps
ps3
ptp
pwm pwm: rockchip: State of PWM clock should synchronize with PWM enabled state 2017-04-06 15:08:52 +02:00
rapidio drivers/rapidio/devices/tsi721.c: make module parameter variable name unique 2017-03-31 17:13:30 -07:00
ras
regulator
remoteproc
reset reset: add exported __reset_control_get, return NULL if optional 2017-04-04 17:36:10 +02:00
rpmsg
rtc
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-05 20:17:38 -07:00
sbus
scsi SCSI fixes on 20170424 2017-04-24 13:31:08 -07:00
sfi
sh
sn
soc
spi
spmi
ssb
staging staging: android: ashmem: lseek failed due to no FMODE_LSEEK. 2017-04-08 12:13:11 +02:00
target tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case 2017-04-02 16:18:51 -07:00
tc
thermal
thunderbolt
tty Revert "tty: don't panic on OOM in tty_set_ldisc()" 2017-04-14 10:59:56 +02:00
uio
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
uwb
vfio VFIO fixes for v4.11-rc4 2017-03-24 14:39:36 -07:00
vhost vhost-vsock: add pkt cancel capability 2017-03-21 14:41:46 -07:00
video backlight: pwm_bl: Fix GPIO out for unimplemented .get_direction() 2017-04-19 19:59:44 +01:00
virt
virtio virtio-pci: Remove affinity hint before freeing the interrupt 2017-04-11 00:30:20 +03:00
vlynq
vme
w1
watchdog
xen xenbus: remove transaction holder from list before freeing 2017-04-04 10:11:06 -04:00
zorro
Kconfig
Makefile