Hi,
The bridging code copies 16 bytes unconditionally, where as the ethernet
header is 14 bytes only. In most cases it works ok nevertheless due to
NET_IP_ALIGN, sometimes it doesn't though. Fix is attached below.
please apply,
Gerd
--
Gerd Hoffmann <kraxel@xxxxxxx>
http://www.suse.de/~kraxel/julika-dora.jpeg
Subject: nf_bridge: ethernet header is 14 not 16 bytes
From: jbeulich@xxxxxxxxxx
Acked-by: kraxel@xxxxxxx
References: 150410
The bridge netfilter code saves two more bytes that it should.
In most cases it doesn't hurt because many drivers use NET_IP_ALIGN
to make the IP header aligned, so there are two extra bytes head room
available.
Some drivers don't do that though (sky2 for example), so copying
accesses data outside the skbuff data allocation. On xen kernels
this can kill the machine with a page fault due to the way how
skbuffs are allocated and the memory is managed.
---
include/linux/netfilter_bridge.h | 2 +-
net/bridge/br_netfilter.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
--- linux-2.6.17.orig/include/linux/netfilter_bridge.h
+++ linux-2.6.17/include/linux/netfilter_bridge.h
@@ -57,7 +57,7 @@ void nf_bridge_maybe_copy_header(struct
memcpy(skb->data - 18, skb->nf_bridge->data, 18);
skb_push(skb, 4);
} else
- memcpy(skb->data - 16, skb->nf_bridge->data, 16);
+ memcpy(skb->data - 14, skb->nf_bridge->data, 14);
}
}
--- linux-2.6.17.orig/net/bridge/br_netfilter.c
+++ linux-2.6.17/net/bridge/br_netfilter.c
@@ -124,7 +124,7 @@ static inline struct nf_bridge_info *nf_
static inline void nf_bridge_save_header(struct sk_buff *skb)
{
- int header_size = 16;
+ int header_size = 14;
if (skb->protocol == htons(ETH_P_8021Q))
header_size = 18;
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home
