2010-12-30 08:01:06

by Milton Miller

[permalink] [raw]
Subject: [PATCH] mac80211: fix mesh forwarding when ratelimited too

Commit b51aff057c9d0ef6c529dc25fd9f775faf7b6c63 said:

Under memory pressure, the mac80211 mesh code
may helpfully print a message that it failed
to clone a mesh frame and then will proceed
to crash trying to use it anyway. Fix that.

Avoid the reference whenever the frame copy is unsuccessful
regardless of the debug message being suppressed or printed.

Cc: [email protected] [2.6.27+]
Signed-off-by: Milton Miller <[email protected]>
---
I chose a seperate if vs nesting the ratelimit check to avoid shifting
the printk further to the right.

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index b01e467..e98668f 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1788,11 +1788,11 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)

fwd_skb = skb_copy(skb, GFP_ATOMIC);

- if (!fwd_skb && net_ratelimit()) {
+ if (!fwd_skb && net_ratelimit())
printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
sdata->name);
+ if (!fwd_skb)
goto out;
- }

fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN);


2010-12-30 08:53:19

by Johannes Berg

[permalink] [raw]
Subject: Re: [PATCH] mac80211: fix mesh forwarding when ratelimited too

On Thu, 2010-12-30 at 02:01 -0600, Milton Miller wrote:
> Commit b51aff057c9d0ef6c529dc25fd9f775faf7b6c63 said:
>
> Under memory pressure, the mac80211 mesh code
> may helpfully print a message that it failed
> to clone a mesh frame and then will proceed
> to crash trying to use it anyway. Fix that.
>
> Avoid the reference whenever the frame copy is unsuccessful
> regardless of the debug message being suppressed or printed.
>
> Cc: [email protected] [2.6.27+]
> Signed-off-by: Milton Miller <[email protected]>
> ---
> I chose a seperate if vs nesting the ratelimit check to avoid shifting
> the printk further to the right.
>
> diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
> index b01e467..e98668f 100644
> --- a/net/mac80211/rx.c
> +++ b/net/mac80211/rx.c
> @@ -1788,11 +1788,11 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
>
> fwd_skb = skb_copy(skb, GFP_ATOMIC);
>
> - if (!fwd_skb && net_ratelimit()) {
> + if (!fwd_skb && net_ratelimit())
> printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
> sdata->name);
> + if (!fwd_skb)
> goto out;
> - }

Oops, good catch! Thanks.

johannes