From patchwork Fri Jan 10 22:10:17 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Bj=C3=B8rn_Mork?= X-Patchwork-Id: 309434 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 030042C009A for ; Sat, 11 Jan 2014 09:11:14 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758369AbaAJWKw (ORCPT ); Fri, 10 Jan 2014 17:10:52 -0500 Received: from canardo.mork.no ([148.122.252.1]:46649 "EHLO canardo.mork.no" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758343AbaAJWKo (ORCPT ); Fri, 10 Jan 2014 17:10:44 -0500 Received: from nemi.mork.no (nemi.mork.no [IPv6:2001:4620:9:2:e8b:fdff:fe08:971]) (authenticated bits=0) by canardo.mork.no (8.14.4/8.14.4) with ESMTP id s0AMAa32031574 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 10 Jan 2014 23:10:37 +0100 Received: from bjorn by nemi.mork.no with local (Exim 4.80) (envelope-from ) id 1W1kHk-00075N-U1; Fri, 10 Jan 2014 23:10:36 +0100 From: =?UTF-8?q?Bj=C3=B8rn=20Mork?= To: netdev@vger.kernel.org Cc: linux-usb@vger.kernel.org, Thomas Kear , Ben Hutchings , =?UTF-8?q?Bj=C3=B8rn=20Mork?= , Ming Lei Subject: [PATCH net,stable] net: usbnet: fix SG initialisation Date: Fri, 10 Jan 2014 23:10:17 +0100 Message-Id: <1389391817-27204-1-git-send-email-bjorn@mork.no> X-Mailer: git-send-email 1.8.5.2 MIME-Version: 1.0 X-Virus-Scanned: clamav-milter 0.97.8 at canardo X-Virus-Status: Clean Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Commit 60e453a940ac ("USBNET: fix handling padding packet") added an extra SG entry in case padding is necessary, but failed to update the initialisation of the list. This can cause list traversal to fall off the end of the list, resulting in an oops. Fixes: 60e453a940ac ("USBNET: fix handling padding packet") Reported-by: Thomas Kear Cc: Ming Lei Signed-off-by: Bjørn Mork Tested-by: Ming Lei --- I don't have the hardware to verify this fix. It would be good if someone could test it before it goes to stable... But in case this works, it should go into v3.12 stable. Bjørn drivers/net/usb/usbnet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 8494bb53ebdc..aba04f561760 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -1245,7 +1245,7 @@ static int build_dma_sg(const struct sk_buff *skb, struct urb *urb) return -ENOMEM; urb->num_sgs = num_sgs; - sg_init_table(urb->sg, urb->num_sgs); + sg_init_table(urb->sg, urb->num_sgs + 1); sg_set_buf(&urb->sg[s++], skb->data, skb_headlen(skb)); total_len += skb_headlen(skb);