diff options
4 files changed, 36 insertions, 4 deletions
diff --git a/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch b/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch new file mode 100644 index 0000000000..f2e6e45b0b --- /dev/null +++ b/target/linux/generic/patches-3.18/101-pppoe-fix-disconnect-crash.patch @@ -0,0 +1,16 @@ +Fix crash with actions performed on the underlying interface (MAC address, +MTU or link state update). This triggers pppoe_flush_dev(), which cleans up +the device without announcing it in sk->sk_state. + +Patch by Guillaume Nault (pulled from netdev@vger) + +--- a/drivers/net/ppp/pppoe.c ++++ b/drivers/net/ppp/pppoe.c +@@ -313,7 +313,6 @@ static void pppoe_flush_dev(struct net_d + if (po->pppoe_dev == dev && + sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) { + pppox_unbind_sock(sk); +- sk->sk_state = PPPOX_ZOMBIE; + sk->sk_state_change(sk); + po->pppoe_dev = NULL; + dev_put(dev); diff --git a/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch b/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch index 3b4978be84..4b623fad29 100644 --- a/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch +++ b/target/linux/generic/patches-3.18/650-pppoe_header_pad.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c -@@ -869,7 +869,7 @@ static int pppoe_sendmsg(struct kiocb *i +@@ -868,7 +868,7 @@ static int pppoe_sendmsg(struct kiocb *i goto end; @@ -9,7 +9,7 @@ 0, GFP_KERNEL); if (!skb) { error = -ENOMEM; -@@ -877,7 +877,7 @@ static int pppoe_sendmsg(struct kiocb *i +@@ -876,7 +876,7 @@ static int pppoe_sendmsg(struct kiocb *i } /* Reserve space for headers. */ diff --git a/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch b/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch new file mode 100644 index 0000000000..f2e6e45b0b --- /dev/null +++ b/target/linux/generic/patches-4.1/101-pppoe-fix-disconnect-crash.patch @@ -0,0 +1,16 @@ +Fix crash with actions performed on the underlying interface (MAC address, +MTU or link state update). This triggers pppoe_flush_dev(), which cleans up +the device without announcing it in sk->sk_state. + +Patch by Guillaume Nault (pulled from netdev@vger) + +--- a/drivers/net/ppp/pppoe.c ++++ b/drivers/net/ppp/pppoe.c +@@ -313,7 +313,6 @@ static void pppoe_flush_dev(struct net_d + if (po->pppoe_dev == dev && + sk->sk_state & (PPPOX_CONNECTED | PPPOX_BOUND | PPPOX_ZOMBIE)) { + pppox_unbind_sock(sk); +- sk->sk_state = PPPOX_ZOMBIE; + sk->sk_state_change(sk); + po->pppoe_dev = NULL; + dev_put(dev); diff --git a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch index a9d3902b13..2804469952 100644 --- a/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch +++ b/target/linux/generic/patches-4.1/650-pppoe_header_pad.patch @@ -1,6 +1,6 @@ --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c -@@ -872,7 +872,7 @@ static int pppoe_sendmsg(struct socket * +@@ -871,7 +871,7 @@ static int pppoe_sendmsg(struct socket * goto end; @@ -9,7 +9,7 @@ 0, GFP_KERNEL); if (!skb) { error = -ENOMEM; -@@ -880,7 +880,7 @@ static int pppoe_sendmsg(struct socket * +@@ -879,7 +879,7 @@ static int pppoe_sendmsg(struct socket * } /* Reserve space for headers. */ |