There is no guarantee that rmnet rx_handler is only fed with linear
skbs, but current rmnet implementation does not check that, leading
to crash in case of non linear skbs processed as linear ones.
Fix that by ensuring skb linearization before processing.
Signed-off-by: Loic Poulain <loic.poul...@linaro.org>
Acked-by: Willem de Bruijn <will...@google.com>
Reviewed-by: Subash Abhinov Kasiviswanathan <subas...@codeaurora.org>
---
v2: Add this patch to the series to prevent crash
v3: no change
v4: Fix skb leak in case of skb_linearize failure
drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
index 3d7d3ab..3d00b32 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
@@ -183,6 +183,11 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb)
if (!skb)
goto done;
+ if (skb_linearize(skb)) {
+ kfree_skb(skb);
+ goto done;
+ }
+
if (skb->pkt_type == PACKET_LOOPBACK)
return RX_HANDLER_PASS;
--
2.7.4
