Allocate the skb for llc responses with the received packet size by
using the size adjustable llc_frame_alloc.
Don't allocate useless extra payload.
Cleanup magic numbers.
So, this fixes oops.
Reported by Jim Westfall:
kernel: skb_over_panic: text:
c0541fc7 len:1000 put:997 head:
c166ac00 data:
c166ac2f tail:0xc166b017 end:0xc166ac80 dev:eth0
kernel: ------------[ cut here ]------------
kernel: kernel BUG at net/core/skbuff.c:95!
Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
xid_info->fmt_id = LLC_XID_FMT_ID; /* 0x81 */
xid_info->type = svcs_supported;
xid_info->rw = rx_window << 1; /* size of receive window */
xid_info->fmt_id = LLC_XID_FMT_ID; /* 0x81 */
xid_info->type = svcs_supported;
xid_info->rw = rx_window << 1; /* size of receive window */
+ skb_put(skb, sizeof(struct llc_xid_info));
xid_info->fmt_id = LLC_XID_FMT_ID;
xid_info->type = svcs_supported;
xid_info->rw = rx_window << 1;
xid_info->fmt_id = LLC_XID_FMT_ID;
xid_info->type = svcs_supported;
xid_info->rw = rx_window << 1;
+ skb_put(skb, sizeof(struct llc_xid_info));
}
/* LLC Type 2 FRMR response information field format */
}
/* LLC Type 2 FRMR response information field format */
#ifndef LLC_SAP_H
#define LLC_SAP_H
#ifndef LLC_SAP_H
#define LLC_SAP_H
+
+#include <asm/types.h>
+
/*
* Copyright (c) 1997 by Procom Technology,Inc.
* 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
/*
* Copyright (c) 1997 by Procom Technology,Inc.
* 2001-2003 by Arnaldo Carvalho de Melo <acme@conectiva.com.br>
extern void llc_sap_rtn_pdu(struct llc_sap *sap, struct sk_buff *skb);
extern void llc_save_primitive(struct sock *sk, struct sk_buff* skb,
unsigned char prim);
extern void llc_sap_rtn_pdu(struct llc_sap *sap, struct sk_buff *skb);
extern void llc_save_primitive(struct sock *sk, struct sk_buff* skb,
unsigned char prim);
-extern struct sk_buff *llc_alloc_frame(struct sock *sk,
- struct net_device *dev);
+extern struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev,
+ u8 type, u32 data_size);
extern void llc_build_and_send_test_pkt(struct llc_sap *sap,
struct sk_buff *skb,
extern void llc_build_and_send_test_pkt(struct llc_sap *sap,
struct sk_buff *skb,
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
llc_pdu_decode_pf_bit(skb, &f_bit);
else
f_bit = 0;
llc_pdu_decode_pf_bit(skb, &f_bit);
else
f_bit = 0;
- nskb = llc_alloc_frame(sk, llc->dev);
+ nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
+ sizeof(struct llc_frmr_info));
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
+ sizeof(struct llc_frmr_info));
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
struct llc_sock *llc = llc_sk(sk);
llc_pdu_decode_pf_bit(skb, &f_bit);
struct llc_sock *llc = llc_sk(sk);
llc_pdu_decode_pf_bit(skb, &f_bit);
- nskb = llc_alloc_frame(sk, llc->dev);
+ nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U,
+ sizeof(struct llc_frmr_info));
if (nskb) {
struct llc_sap *sap = llc->sap;
struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
if (nskb) {
struct llc_sap *sap = llc->sap;
struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
u8 f_bit;
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
u8 f_bit;
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_U, 0);
llc_pdu_decode_pf_bit(skb, &f_bit);
if (nskb) {
llc_pdu_decode_pf_bit(skb, &f_bit);
if (nskb) {
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
{
int rc = -ENOBUFS;
struct llc_sock *llc = llc_sk(sk);
- struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev);
+ struct sk_buff *nskb = llc_alloc_frame(sk, llc->dev, LLC_PDU_TYPE_S, 0);
if (nskb) {
struct llc_sap *sap = llc->sap;
if (nskb) {
struct llc_sap *sap = llc->sap;
FRMR_INFO_SET_PDU_INFO_2LONG_IND(frmr_info, vzyxw);
FRMR_INFO_SET_PDU_INVALID_Nr_IND(frmr_info, vzyxw);
FRMR_INFO_SET_PDU_INVALID_Ns_IND(frmr_info, vzyxw);
FRMR_INFO_SET_PDU_INFO_2LONG_IND(frmr_info, vzyxw);
FRMR_INFO_SET_PDU_INVALID_Nr_IND(frmr_info, vzyxw);
FRMR_INFO_SET_PDU_INVALID_Ns_IND(frmr_info, vzyxw);
+ skb_put(skb, sizeof(struct llc_frmr_info));
llc_pdu_decode_sa(skb, mac_da);
llc_pdu_decode_da(skb, mac_sa);
llc_pdu_decode_ssap(skb, &dsap);
llc_pdu_decode_sa(skb, mac_da);
llc_pdu_decode_da(skb, mac_sa);
llc_pdu_decode_ssap(skb, &dsap);
- nskb = llc_alloc_frame(NULL, skb->dev);
+ nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
+ sizeof(struct llc_xid_info));
if (!nskb)
goto out;
llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
if (!nskb)
goto out;
llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
u8 mac_da[ETH_ALEN], mac_sa[ETH_ALEN], dsap;
struct sk_buff *nskb;
int rc = 1;
u8 mac_da[ETH_ALEN], mac_sa[ETH_ALEN], dsap;
struct sk_buff *nskb;
int rc = 1;
llc_pdu_decode_sa(skb, mac_da);
llc_pdu_decode_da(skb, mac_sa);
llc_pdu_decode_ssap(skb, &dsap);
llc_pdu_decode_sa(skb, mac_da);
llc_pdu_decode_da(skb, mac_sa);
llc_pdu_decode_ssap(skb, &dsap);
- nskb = llc_alloc_frame(NULL, skb->dev);
+
+ /* The test request command is type U (llc_len = 3) */
+ data_size = ntohs(eth_hdr(skb)->h_proto) - 3;
+ nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U, data_size);
if (!nskb)
goto out;
llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
if (!nskb)
goto out;
llc_pdu_header_init(nskb, LLC_PDU_TYPE_U, sap->laddr.lsap, dsap,
#include <net/tcp_states.h>
#include <linux/llc.h>
#include <net/tcp_states.h>
#include <linux/llc.h>
+static int llc_mac_header_len(unsigned short devtype)
+{
+ switch (devtype) {
+ case ARPHRD_ETHER:
+ case ARPHRD_LOOPBACK:
+ return sizeof(struct ethhdr);
+#ifdef CONFIG_TR
+ case ARPHRD_IEEE802_TR:
+ return sizeof(struct trh_hdr);
+#endif
+ }
+ return 0;
+}
+
/**
* llc_alloc_frame - allocates sk_buff for frame
* @dev: network device this skb will be sent over
/**
* llc_alloc_frame - allocates sk_buff for frame
* @dev: network device this skb will be sent over
+ * @type: pdu type to allocate
+ * @data_size: data size to allocate
*
* Allocates an sk_buff for frame and initializes sk_buff fields.
* Returns allocated skb or %NULL when out of memory.
*/
*
* Allocates an sk_buff for frame and initializes sk_buff fields.
* Returns allocated skb or %NULL when out of memory.
*/
-struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev)
+struct sk_buff *llc_alloc_frame(struct sock *sk, struct net_device *dev,
+ u8 type, u32 data_size)
- struct sk_buff *skb = alloc_skb(128, GFP_ATOMIC);
+ int hlen = type == LLC_PDU_TYPE_U ? 3 : 4;
+ struct sk_buff *skb;
+
+ hlen += llc_mac_header_len(dev->type);
+ skb = alloc_skb(hlen + data_size, GFP_ATOMIC);
if (skb) {
skb_reset_mac_header(skb);
if (skb) {
skb_reset_mac_header(skb);
+ skb_reserve(skb, hlen);
skb_reset_network_header(skb);
skb_reset_transport_header(skb);
skb->protocol = htons(ETH_P_802_2);
skb_reset_network_header(skb);
skb_reset_transport_header(skb);
skb->protocol = htons(ETH_P_802_2);
static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb)
{
int rc = 1;
static int llc_station_ac_send_null_dsap_xid_c(struct sk_buff *skb)
{
int rc = 1;
- struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev);
+ struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
+ sizeof(struct llc_xid_info));
{
u8 mac_da[ETH_ALEN], dsap;
int rc = 1;
{
u8 mac_da[ETH_ALEN], dsap;
int rc = 1;
- struct sk_buff* nskb = llc_alloc_frame(NULL, skb->dev);
+ struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U,
+ sizeof(struct llc_xid_info));
{
u8 mac_da[ETH_ALEN], dsap;
int rc = 1;
{
u8 mac_da[ETH_ALEN], dsap;
int rc = 1;
- struct sk_buff *nskb = llc_alloc_frame(NULL, skb->dev);
+ u32 data_size;
+ struct sk_buff *nskb;
+
+ /* The test request command is type U (llc_len = 3) */
+ data_size = ntohs(eth_hdr(skb)->h_proto) - 3;
+ nskb = llc_alloc_frame(NULL, skb->dev, LLC_PDU_TYPE_U, data_size);