kernel: add a patch to fix crashes on pppoe disconnect/reconnect

author Felix Fietkau <nbd@openwrt.org>

Tue, 22 Sep 2015 11:28:28 +0000 (11:28 +0000)

committer Felix Fietkau <nbd@openwrt.org>

Tue, 22 Sep 2015 11:28:28 +0000 (11:28 +0000)
author Felix Fietkau <nbd@openwrt.org>
Tue, 22 Sep 2015 11:28:28 +0000 (11:28 +0000)
committer Felix Fietkau <nbd@openwrt.org>
Tue, 22 Sep 2015 11:28:28 +0000 (11:28 +0000)
diff --git a/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch b/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch

new file mode 100644 (file)

index 0000000..f2e6e45
--- /dev/null
+++ b/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch
@@ -0,0 +1,16 @@
+Fix crash with actions performed on the underlying interface (MAC address,
+MTU or link state update). This triggers pppoe_flush_dev(), which cleans up
+the device without announcing it in sk->sk_state.
+
+Patch by Guillaume Nault (pulled from netdev@vger)
+
+--- a/drivers/net/ppp/pppoe.c
++++ b/drivers/net/ppp/pppoe.c
+@@ -313,7 +313,6 @@ static void pppoe_flush_dev(struct net_d
+                       if (po->pppoe_dev == dev &&
+                           sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
+                               pppox_unbind_sock(sk);
+-                              sk->sk_state = PPPOX_ZOMBIE;
+                               sk->sk_state_change(sk);
+                               po->pppoe_dev = NULL;
+                               dev_put(dev);
diff --git a/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch b/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch

index 3b4978be8498bb6e09ec2973ea6d4cde1b803b20..4b623fad29911fb6d861f290f251e67b9e0f2ca0 100644 (file)
--- a/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch
+++ b/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch
@@ -1,6 +1,6 @@
  --- a/drivers/net/ppp/pppoe.c
  +++ b/drivers/net/ppp/pppoe.c
-@@ -869,7 +869,7 @@ static int pppoe_sendmsg(struct kiocb *i
+@@ -868,7 +868,7 @@ static int pppoe_sendmsg(struct kiocb *i
                 goto end;
   
   
@@ -9,7 +9,7 @@
                            0, GFP_KERNEL);
         if (!skb) {
                 error = -ENOMEM;
-@@ -877,7 +877,7 @@ static int pppoe_sendmsg(struct kiocb *i
+@@ -876,7 +876,7 @@ static int pppoe_sendmsg(struct kiocb *i
         }
   
         /* Reserve space for headers. */
diff --git a/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch b/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch

new file mode 100644 (file)

index 0000000..f2e6e45
--- /dev/null
+++ b/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch
@@ -0,0 +1,16 @@
+Fix crash with actions performed on the underlying interface (MAC address,
+MTU or link state update). This triggers pppoe_flush_dev(), which cleans up
+the device without announcing it in sk->sk_state.
+
+Patch by Guillaume Nault (pulled from netdev@vger)
+
+--- a/drivers/net/ppp/pppoe.c
++++ b/drivers/net/ppp/pppoe.c
+@@ -313,7 +313,6 @@ static void pppoe_flush_dev(struct net_d
+                       if (po->pppoe_dev == dev &&
+                           sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) {
+                               pppox_unbind_sock(sk);
+-                              sk->sk_state = PPPOX_ZOMBIE;
+                               sk->sk_state_change(sk);
+                               po->pppoe_dev = NULL;
+                               dev_put(dev);
diff --git a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch

index a9d3902b13c9b1688d0f6f92c2004427bd0970f2..28044699524d2b584c581fd2410bc7e35a1121a6 100644 (file)
--- a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch
+++ b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch
@@ -1,6 +1,6 @@
  --- a/drivers/net/ppp/pppoe.c
  +++ b/drivers/net/ppp/pppoe.c
-@@ -872,7 +872,7 @@ static int pppoe_sendmsg(struct socket *
+@@ -871,7 +871,7 @@ static int pppoe_sendmsg(struct socket *
                 goto end;
   
   
@@ -9,7 +9,7 @@
                            0, GFP_KERNEL);
         if (!skb) {
                 error = -ENOMEM;
-@@ -880,7 +880,7 @@ static int pppoe_sendmsg(struct socket *
+@@ -879,7 +879,7 @@ static int pppoe_sendmsg(struct socket *
         }
   
         /* Reserve space for headers. */
author	Felix Fietkau <nbd@openwrt.org>
	Tue, 22 Sep 2015 11:28:28 +0000 (11:28 +0000)
committer	Felix Fietkau <nbd@openwrt.org>
	Tue, 22 Sep 2015 11:28:28 +0000 (11:28 +0000)
target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch	[new file with mode: 0644]	patch \| blob
target/linux/generic/patches-3.18/650-pppoe_header_pad.patch		patch \| blob \| history
target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch	[new file with mode: 0644]	patch \| blob
target/linux/generic/patches-4.1/650-pppoe_header_pad.patch		patch \| blob \| history