| Submitter | Herton Ronaldo Krzesinski |
|---|---|
| Date | Nov. 22, 2012, 4:45 a.m. |
| Message ID | <1353559554-32217-1-git-send-email-herton.krzesinski@canonical.com> |
| Download | mbox | patch |
| Permalink | /patch/200942/ |
| State | New |
| Headers | show |
Comments
Patch
diff --git a/drivers/net/wireless/ipw2x00/ipw2200.c b/drivers/net/wireless/ipw2x00/ipw2200.c index 0036737..1f2edf2 100644 --- a/drivers/net/wireless/ipw2x00/ipw2200.c +++ b/drivers/net/wireless/ipw2x00/ipw2200.c @@ -10470,7 +10470,7 @@ static void ipw_handle_promiscuous_tx(struct ipw_priv *priv, } else len = src->len; - dst = alloc_skb(len + sizeof(*rt_hdr), GFP_ATOMIC); + dst = alloc_skb(len + sizeof(*rt_hdr) + sizeof(u16)*2, GFP_ATOMIC); if (!dst) continue;
This is a note to let you know that I have just added a patch titled net/wireless: ipw2200: Fix panic occurring in to the linux-3.5.y-queue branch of the 3.5.yuz extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.yuz tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Herton ------ From 9bc5d0ddc7386c91865658a1103621c7938a4249 Mon Sep 17 00:00:00 2001 From: Stanislav Yakovlev <stas.yakovlev@gmail.com> Date: Mon, 15 Oct 2012 14:14:32 +0000 Subject: [PATCH] net/wireless: ipw2200: Fix panic occurring in ipw_handle_promiscuous_tx() commit bf11315eeda510ea4fc1a2bf972d8155d31d89b4 upstream. The driver does not count space of radiotap fields when allocating skb for radiotap packet. This leads to kernel panic with the following call trace: ... [67607.676067] [<c152f90f>] error_code+0x67/0x6c [67607.676067] [<c142f831>] ? skb_put+0x91/0xa0 [67607.676067] [<f8cf5e5b>] ? ipw_handle_promiscuous_tx+0x16b/0x2d0 [ipw2200] [67607.676067] [<f8cf5e5b>] ipw_handle_promiscuous_tx+0x16b/0x2d0 [ipw2200] [67607.676067] [<f8cf899b>] ipw_net_hard_start_xmit+0x8b/0x90 [ipw2200] [67607.676067] [<f8741c5a>] libipw_xmit+0x55a/0x980 [libipw] [67607.676067] [<c143d3e8>] dev_hard_start_xmit+0x218/0x4d0 ... This bug was found by VittGam. https://bugzilla.kernel.org/show_bug.cgi?id=43255 Signed-off-by: Stanislav Yakovlev <stas.yakovlev@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> --- drivers/net/wireless/ipw2x00/ipw2200.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 1.7.9.5