|
|
@@ -1,80 +1,7 @@
|
|
|
From: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
-Date: Thu, 9 Mar 2017 19:00:12 +0100
|
|
|
-Subject: batman-adv: backport a few maint patches
|
|
|
+Date: Tue, 28 Mar 2017 14:40:20 +0200
|
|
|
+Subject: batman-adv: Keep fragments equally sized
|
|
|
|
|
|
-In particular, this fixes packages of a certain range of sizes not being
|
|
|
-transmitted correctly, leading to hanging TCP connections.
|
|
|
-
|
|
|
-diff --git a/batman-adv/patches/1003-batman-adv-Fix-double-free-during-fragment-merge-err.patch b/batman-adv/patches/1003-batman-adv-Fix-double-free-during-fragment-merge-err.patch
|
|
|
-new file mode 100644
|
|
|
-index 0000000000000000000000000000000000000000..4d754ecda1451b5c3e25f74da97fab18b7a93c87
|
|
|
---- /dev/null
|
|
|
-+++ b/batman-adv/patches/1003-batman-adv-Fix-double-free-during-fragment-merge-err.patch
|
|
|
-@@ -0,0 +1,64 @@
|
|
|
-+From bcb7b6149bd9d1f41dae01ab47e74b8a931a650f Mon Sep 17 00:00:00 2001
|
|
|
-+Message-Id: <bcb7b6149bd9d1f41dae01ab47e74b8a931a650f.1489082249.git.mschiffer@universe-factory.net>
|
|
|
-+From: Sven Eckelmann <sven@narfation.org>
|
|
|
-+Date: Sun, 12 Feb 2017 11:26:33 +0100
|
|
|
-+Subject: [PATCH] batman-adv: Fix double free during fragment merge error
|
|
|
-+
|
|
|
-+The function batadv_frag_skb_buffer was supposed not to consume the skbuff
|
|
|
-+on errors. This was followed in the helper function
|
|
|
-+batadv_frag_insert_packet when the skb would potentially be inserted in the
|
|
|
-+fragment queue. But it could happen that the next helper function
|
|
|
-+batadv_frag_merge_packets would try to merge the fragments and fail. This
|
|
|
-+results in a kfree_skb of all the enqueued fragments (including the just
|
|
|
-+inserted one). batadv_recv_frag_packet would detect the error in
|
|
|
-+batadv_frag_skb_buffer and try to free the skb again.
|
|
|
-+
|
|
|
-+The behavior of batadv_frag_skb_buffer (and its helper
|
|
|
-+batadv_frag_insert_packet) must therefore be changed to always consume the
|
|
|
-+skbuff to have a common behavior and avoid the double kfree_skb.
|
|
|
-+
|
|
|
-+Fixes: 9b3eab61754d ("batman-adv: Receive fragmented packets and merge")
|
|
|
-+Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
|
|
-+---
|
|
|
-+ net/batman-adv/fragmentation.c | 8 +++++---
|
|
|
-+ 1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
-+
|
|
|
-+diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c
|
|
|
-+index 65536db1..c3e293a3 100644
|
|
|
-+--- a/net/batman-adv/fragmentation.c
|
|
|
-++++ b/net/batman-adv/fragmentation.c
|
|
|
-+@@ -233,8 +233,10 @@ err_unlock:
|
|
|
-+ spin_unlock_bh(&chain->lock);
|
|
|
-+
|
|
|
-+ err:
|
|
|
-+- if (!ret)
|
|
|
-++ if (!ret) {
|
|
|
-+ kfree(frag_entry_new);
|
|
|
-++ kfree_skb(skb);
|
|
|
-++ }
|
|
|
-+
|
|
|
-+ return ret;
|
|
|
-+ }
|
|
|
-+@@ -305,7 +307,7 @@ free:
|
|
|
-+ *
|
|
|
-+ * There are three possible outcomes: 1) Packet is merged: Return true and
|
|
|
-+ * set *skb to merged packet; 2) Packet is buffered: Return true and set *skb
|
|
|
-+- * to NULL; 3) Error: Return false and leave skb as is.
|
|
|
-++ * to NULL; 3) Error: Return false and free skb.
|
|
|
-+ *
|
|
|
-+ * Return: true when packet is merged or buffered, false when skb is not not
|
|
|
-+ * used.
|
|
|
-+@@ -330,9 +332,9 @@ bool batadv_frag_skb_buffer(struct sk_buff **skb,
|
|
|
-+ goto out_err;
|
|
|
-+
|
|
|
-+ out:
|
|
|
-+- *skb = skb_out;
|
|
|
-+ ret = true;
|
|
|
-+ out_err:
|
|
|
-++ *skb = skb_out;
|
|
|
-+ return ret;
|
|
|
-+ }
|
|
|
-+
|
|
|
-+--
|
|
|
-+2.12.0
|
|
|
-+
|
|
|
diff --git a/batman-adv/patches/1004-batman-adv-Keep-fragments-equally-sized.patch b/batman-adv/patches/1004-batman-adv-Keep-fragments-equally-sized.patch
|
|
|
new file mode 100644
|
|
|
index 0000000000000000000000000000000000000000..431c0b4a1a722c4c2ebae390bc0c90be18966023
|
Matthias Schiffer