From patchwork Tue Nov 7 12:47:56 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kristian Evensen X-Patchwork-Id: 835248 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="UIU32uAs"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yWTkH5Cqkz9t2t for ; Tue, 7 Nov 2017 23:48:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752919AbdKGMsL (ORCPT ); Tue, 7 Nov 2017 07:48:11 -0500 Received: from mail-lf0-f66.google.com ([209.85.215.66]:50324 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751602AbdKGMsJ (ORCPT ); Tue, 7 Nov 2017 07:48:09 -0500 Received: by mail-lf0-f66.google.com with SMTP id a132so14318121lfa.7; Tue, 07 Nov 2017 04:48:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=x5ycJehIEvvBdG7KeNMo/FvDAitG1hLDZLoZikiStLw=; b=UIU32uAs56G4cd4cx3OUMFfaDh3gKEl3sz6Qo+8aS+BLhN+iN953uvadPaJh+RMDfz qaxu1yX6n152GnmY7ueDZYgXziKnX6WCm/DRHBf6e4DavlOvzycJu6vBHik6aylqv6N2 senUGmCeNEGk5nMX4w1nTaaH178o5mfgC8tocQFuC7j7AYvTEm/ewq9kwwo5UY9rY2Bk Ox7479E0uAXPPgtJ/cqsDx0jBPl+x3aQTH9QVn3FdHfUugTL5KMtcM1+2CpMnHTYa4Ix GcEz1CZkl8XyAk9CJuLzfqGl7ddXa2MYO7AioFTXt2MY/kmDd4/4wk6DMwuF4INgbnZP U/XA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=x5ycJehIEvvBdG7KeNMo/FvDAitG1hLDZLoZikiStLw=; b=i1UlgScJasIuk2hXztSsiNEoWkFMBTL7itAOTNK3gpeE73k+SKqNLL8H4MTLT96ilF V7G1PnoT5Qm2uvVHomkl9nFbcbZdo3yALwhR91QYs1v4faRY9jnBvRQgIl6MKa5o8dxV tTu3HuTUokU4lsTClGQ+ISVmC5h8cYyK+i+1Zhw6xroF61VVd9uipD/kqUp+KPZOOuBt B5gV7XmAj8KCLKGexhtM0qMgO19tkhTl7fVhc3kP+dIaYcPkruz3c4qgeE54fLRjsGTx XbOS1H1ktcmmoalOqHL7CrirX/S1nLy2AKaNqzwyki9dxx/e25opjgWdCProsc3dUHh0 5ZOw== X-Gm-Message-State: AMCzsaVSEWW8ZuSjt4zgrekWknHv6BtbV+Q5qcx4howFkNLIJiJszAgs bdUqHpHGHhxlia3vSjg2vq8= X-Google-Smtp-Source: ABhQp+RzacT4M+vGRG1dOibXYokGi+mMyFu/GmHfRSg3gjry9D7wea5N2D3LUUmzb1MVpR18HOBAAg== X-Received: by 10.46.85.215 with SMTP id g84mr7431076lje.114.1510058887075; Tue, 07 Nov 2017 04:48:07 -0800 (PST) Received: from localhost.localdomain ([193.213.155.210]) by smtp.gmail.com with ESMTPSA id 13sm228770ljv.10.2017.11.07.04.48.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Nov 2017 04:48:06 -0800 (PST) From: Kristian Evensen To: bjorn@mork.no, netdev@vger.kernel.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Kristian Evensen Subject: [PATCH net] qmi_wwan: Add missing skb_reset_mac_header-call Date: Tue, 7 Nov 2017 13:47:56 +0100 Message-Id: <20171107124756.3029-1-kristian.evensen@gmail.com> X-Mailer: git-send-email 2.11.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org When we receive a packet on a QMI device in raw IP mode, we should call skb_reset_mac_header() to ensure that skb->mac_header contains a valid offset in the packet. While it shouldn't really matter, the packets have no MAC header and the interface is configured as-such, it seems certain parts of the network stack expects a "good" value in skb->mac_header. Without the skb_reset_mac_header() call added in this patch, for example shaping traffic (using tc) triggers the following oops on the first received packet: [ 303.642957] skbuff: skb_under_panic: text:8f137918 len:177 put:67 head:8e4b0f00 data:8e4b0eff tail:0x8e4b0fb0 end:0x8e4b1520 dev:wwan0 [ 303.655045] Kernel bug detected[#1]: [ 303.658622] CPU: 1 PID: 1002 Comm: logd Not tainted 4.9.58 #0 [ 303.664339] task: 8fdf05e0 task.stack: 8f15c000 [ 303.668844] $ 0 : 00000000 00000001 0000007a 00000000 [ 303.674062] $ 4 : 8149a2fc 8149a2fc 8149ce20 00000000 [ 303.679284] $ 8 : 00000030 3878303a 31623465 20303235 [ 303.684510] $12 : ded731e3 2626a277 00000000 03bd0000 [ 303.689747] $16 : 8ef62b40 00000043 8f137918 804db5fc [ 303.694978] $20 : 00000001 00000004 8fc13800 00000003 [ 303.700215] $24 : 00000001 8024ab10 [ 303.705442] $28 : 8f15c000 8fc19cf0 00000043 802cc920 [ 303.710664] Hi : 00000000 [ 303.713533] Lo : 74e58000 [ 303.716436] epc : 802cc920 skb_panic+0x58/0x5c [ 303.721046] ra : 802cc920 skb_panic+0x58/0x5c [ 303.725639] Status: 11007c03 KERNEL EXL IE [ 303.729823] Cause : 50800024 (ExcCode 09) [ 303.733817] PrId : 0001992f (MIPS 1004Kc) [ 303.737892] Modules linked in: rt2800pci rt2800mmio rt2800lib qcserial ppp_async option usb_wwan rt2x00pci rt2x00mmio rt2x00lib rndis_host qmi_wwan ppp_generic nf_nat_pptp nf_conntrack_pptp nf_conntrack_ipv6 mt76x2i Process logd (pid: 1002, threadinfo=8f15c000, task=8fdf05e0, tls=77b3eee4) [ 303.962509] Stack : 00000000 80408990 8f137918 000000b1 00000043 8e4b0f00 8e4b0eff 8e4b0fb0 [ 303.970871] 8e4b1520 8fec1800 00000043 802cd2a4 6e000045 00000043 00000000 8ef62000 [ 303.979219] 8eef5d00 8ef62b40 8fea7300 8f137918 00000000 00000000 0002bb01 793e5664 [ 303.987568] 8ef08884 00000001 8fea7300 00000002 8fc19e80 8eef5d00 00000006 00000003 [ 303.995934] 00000000 8030ba90 00000003 77ab3fd0 8149dc80 8004d1bc 8f15c000 8f383700 [ 304.004324] ... [ 304.006767] Call Trace: [ 304.009241] [<802cc920>] skb_panic+0x58/0x5c [ 304.013504] [<802cd2a4>] skb_push+0x78/0x90 [ 304.017783] [<8f137918>] 0x8f137918 [ 304.021269] Code: 00602825 0c02a3b4 24842888 <000c000d> 8c870060 8c8200a0 0007382b 00070336 8c88005c [ 304.031034] [ 304.032805] ---[ end trace b778c482b3f0bda9 ]--- [ 304.041384] Kernel panic - not syncing: Fatal exception in interrupt [ 304.051975] Rebooting in 3 seconds.. While the oops is for a 4.9-kernel, I was able to trigger the same oops with net-next as of yesterday. Signed-off-by: Kristian Evensen Acked-by: Bjørn Mork --- drivers/net/usb/qmi_wwan.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c index db7279d5b250..5b22645c7c8c 100644 --- a/drivers/net/usb/qmi_wwan.c +++ b/drivers/net/usb/qmi_wwan.c @@ -499,6 +499,7 @@ static int qmi_wwan_rx_fixup(struct usbnet *dev, struct sk_buff *skb) return 1; } if (rawip) { + skb_reset_mac_header(skb); skb->dev = dev->net; /* normally set by eth_type_trans */ skb->protocol = proto; return 1;