From b0f48b6ebc43c79970d9c5fa57efb0ec22e18c99 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 22 Sep 2015 11:28:28 +0000 Subject: [PATCH] kernel: add a patch to fix crashes on pppoe disconnect/reconnect Signed-off-by: Felix Fietkau SVN-Revision: 47026 --- .../101-pppoe-fix-disconnect-crash.patch | 16 ++++++++++++++++ .../patches-3.18/650-pppoe_header_pad.patch | 4 ++-- .../101-pppoe-fix-disconnect-crash.patch | 16 ++++++++++++++++ .../patches-4.1/650-pppoe_header_pad.patch | 4 ++-- 4 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch create mode 100644 target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch diff --git a/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch b/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch new file mode 100644 index 0000000000..f2e6e45b0b --- /dev/null +++ b/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch @@ -0,0 +1,16 @@ +Fix crash with actions performed on the underlying interface (MAC address, +MTU or link state update). This triggers pppoe_flush_dev(), which cleans up +the device without announcing it in sk->sk_state. + +Patch by Guillaume Nault (pulled from netdev@vger) + +--- a/drivers/net/ppp/pppoe.c ++++ b/drivers/net/ppp/pppoe.c +@@ -313,7 +313,6 @@ static void pppoe_flush_dev(struct net_d + if (po->pppoe_dev == dev && + sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) { + pppox_unbind_sock(sk); +- sk->sk_state = PPPOX_ZOMBIE; + sk->sk_state_change(sk); + po->pppoe_dev = NULL; + dev_put(dev); diff --git a/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch b/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch index 3b4978be84..4b623fad29 100644 --- a/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch +++ b/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c -@@ -869,7 +869,7 @@ static int pppoe_sendmsg(struct kiocb *i +@@ -868,7 +868,7 @@ static int pppoe_sendmsg(struct kiocb *i goto end; @@ -9,7 +9,7 @@ 0, GFP_KERNEL); if (!skb) { error = -ENOMEM; -@@ -877,7 +877,7 @@ static int pppoe_sendmsg(struct kiocb *i +@@ -876,7 +876,7 @@ static int pppoe_sendmsg(struct kiocb *i } /* Reserve space for headers. */ diff --git a/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch b/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch new file mode 100644 index 0000000000..f2e6e45b0b --- /dev/null +++ b/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch @@ -0,0 +1,16 @@ +Fix crash with actions performed on the underlying interface (MAC address, +MTU or link state update). This triggers pppoe_flush_dev(), which cleans up +the device without announcing it in sk->sk_state. + +Patch by Guillaume Nault (pulled from netdev@vger) + +--- a/drivers/net/ppp/pppoe.c ++++ b/drivers/net/ppp/pppoe.c +@@ -313,7 +313,6 @@ static void pppoe_flush_dev(struct net_d + if (po->pppoe_dev == dev && + sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) { + pppox_unbind_sock(sk); +- sk->sk_state = PPPOX_ZOMBIE; + sk->sk_state_change(sk); + po->pppoe_dev = NULL; + dev_put(dev); diff --git a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch index a9d3902b13..2804469952 100644 --- a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch +++ b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c -@@ -872,7 +872,7 @@ static int pppoe_sendmsg(struct socket * +@@ -871,7 +871,7 @@ static int pppoe_sendmsg(struct socket * goto end; @@ -9,7 +9,7 @@ 0, GFP_KERNEL); if (!skb) { error = -ENOMEM; -@@ -880,7 +880,7 @@ static int pppoe_sendmsg(struct socket * +@@ -879,7 +879,7 @@ static int pppoe_sendmsg(struct socket * } /* Reserve space for headers. */