Open Mesh https://www.open-mesh.org/ 2018-12-31T19:55:52Z
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1508 2018-12-31T19:55:52Z Sven Eckelmann
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li></ul><p>The reproducer1 & reproducer2 can be used to reproduce it with the <a class="wiki-page" href="https://www.open-mesh.org/projects/open-mesh/wiki/Emulation_Environment">Emulation Environment</a>.</p>
<p>The interesting line seems to be</p>
<pre>
switch (ntohs(ethhdr->h_proto)) {
</pre>
<p>Or with more context:</p>
<pre>
	/* reset control block to avoid left overs from previous users */
	memset(skb->cb, 0, sizeof(struct batadv_skb_cb));
	netif_trans_update(soft_iface);
	vid = batadv_get_vid(skb, 0);
	ethhdr = eth_hdr(skb);
	switch (ntohs(ethhdr->h_proto)) {
	case ETH_P_8021Q:
</pre>
<p>This seems to suggest that the retrieved ethernet header isn't backed with data in the skb.</p>
<p>I've added some printk to show the ethhdr + skb->data for the crash:</p>
<pre>
batadv_interface_tx:225 0xffff888013a7e9ff
batadv_interface_tx:226 0xffff888013a6ea02
</pre>
<p>You can see that the eth_hdr (first line) is for some reason 65533 bytes away. This doesn't make a lot of sense because batman-adv expects that the ethernet header is just in front of the current skb->data.</p>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1509 2018-12-31T21:14:58Z Sven Eckelmann
<ul></ul><p>Looks like the important piece here is the</p>
<pre>
int opt = 4;
setsockopt(sock, SOL_PACKET, PACKET_QDISC_BYPASS, &opt, 4);
</pre>
<p>right before the bind. It doesn't happen without this. I can also reproduce this by using the much simpler rawsend.c <a class="external" href="https://lists.open-mesh.org/mailman3/hyperkitty/list/b.a.t.m.a.n@lists.open-mesh.org/message/ZS6SNV2S7JYWZWCHQUNKPP3267MTXGZ3/attachment/3/rawsend.c">https://lists.open-mesh.org/mailman3/hyperkitty/list/b.a.t.m.a.n@lists.open-mesh.org/message/ZS6SNV2S7JYWZWCHQUNKPP3267MTXGZ3/attachment/3/rawsend.c</a></p>
<p>The batman-adv device was created using:</p>
<pre>
#! /bin/sh
insmod /host/batman-adv/net/batman-adv/batman-adv.ko
ip link add dev batadv0 type batadv
ip link set up dev batadv0
</pre>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1510 2018-12-31T21:23:01Z Sven Eckelmann
<ul><li><strong>File</strong> <a href="/attachments/860">reproducer1_simplified.c</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/860/reproducer1_simplified.c">reproducer1_simplified.c</a> added</li></ul><p>Here is also the simplified reproducer (with 99% less hardcoded hex values and pid/netns)</p>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1511 2018-12-31T21:44:47Z Sven Eckelmann
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/1511/diff?detail_id=951">diff</a>)</li></ul>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1514 2018-12-31T21:47:23Z Sven Eckelmann
<ul><li><strong>Target version</strong> set to <i>2019.0</i></li></ul><p>Patch can be found at <a class="external" href="https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20181231214609.22378-1-sven@narfation.org/">https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20181231214609.22378-1-sven@narfation.org/</a></p>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1518 2019-01-04T10:13:15Z Sven Eckelmann
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li></ul>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1523 2019-02-01T22:43:49Z Sven Eckelmann
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul>
batman-adv - Bug #371: batadv_interface_tx causes invalid (eth_hdr) memory access https://www.open-mesh.org/issues/371?journal_id=1661 2020-05-27T19:58:21Z Sven Eckelmann
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/1661/diff?detail_id=1128">diff</a>)</li></ul>
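<p>Added example (not from the issue thread or the batman-adv sources): a userspace C model of the pointer arithmetic behind the two printk values quoted in the thread. It assumes the skb's mac_header offset still held the kernel's "unset" value (u16)~0U when eth_hdr() was called; the model_* names are hypothetical, and model_reset_mac_header mirrors the arithmetic of the kernel helper skb_reset_mac_header().</p>

```c
#include <stdint.h>
#include <stdio.h>

/* Pointer values printed in the thread: eth_hdr(skb), then skb->data. */
#define PAGE_ETH_HDR  UINT64_C(0xffff888013a7e9ff)
#define PAGE_SKB_DATA UINT64_C(0xffff888013a6ea02)
/* The kernel leaves (u16)~0U in skb->mac_header until it is set. */
#define MAC_HEADER_UNSET ((uint16_t)~0U)

struct model_skb {           /* hypothetical stand-in for struct sk_buff */
	uint64_t head;       /* start of the buffer */
	uint64_t data;       /* start of the current payload */
	uint16_t mac_header; /* offset from head */
};

/* Same arithmetic as skb_mac_header()/eth_hdr(): no validity check. */
static uint64_t model_eth_hdr(const struct model_skb *skb)
{
	return skb->head + skb->mac_header;
}

/* Same arithmetic as skb_reset_mac_header(): header starts at data. */
static void model_reset_mac_header(struct model_skb *skb)
{
	skb->mac_header = (uint16_t)(skb->data - skb->head);
}

/* Assumption: mac_header was never set, so head = eth_hdr - 0xffff. */
static struct model_skb model_skb_from_page(void)
{
	struct model_skb skb = { .head = PAGE_ETH_HDR - MAC_HEADER_UNSET,
				 .data = PAGE_SKB_DATA,
				 .mac_header = MAC_HEADER_UNSET };
	return skb;
}

/* Distance eth_hdr - data, optionally after resetting the mac header. */
static int64_t model_hdr_distance(int reset_first)
{
	struct model_skb skb = model_skb_from_page();
	if (reset_first)
		model_reset_mac_header(&skb);
	return (int64_t)(model_eth_hdr(&skb) - skb.data);
}

int main(void)
{
	printf("unset: %lld bytes, after reset: %lld bytes\n",
	       (long long)model_hdr_distance(0), (long long)model_hdr_distance(1));
	return 0;
}
```

<p>Under that assumption the buffer start works out to two bytes before skb->data, which is why the unset offset of 65535 shows up as a distance of 65533.</p>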