/* * netsniff-ng - the packet sniffing beast * Copyright 2009, 2010 Daniel Borkmann. * Copyright 2010 Emmanuel Roullit. * Subject to the GPL, version 2. */ #include #include #include /* for ntohs() */ #include "proto.h" #include "proto_vlan.h" #include "dissector_eth.h" #include "pkt_buff.h" struct vlanhdr { uint16_t h_vlan_TCI; uint16_t h_vlan_encapsulated_proto; } __packed; static void vlan(struct pkt_buff *pkt) { uint16_t tci; struct vlanhdr *vlan = (struct vlanhdr *) pkt_pull(pkt, sizeof(*vlan)); if (vlan == NULL) return; tci = ntohs(vlan->h_vlan_TCI); tprintf(" [ VLAN "); tprintf("Prio (%d), ", vlan_tci2prio(tci)); tprintf("CFI (%d), ", vlan_tci2cfi(tci)); tprintf("ID (%d), ", vlan_tci2vid(tci)); tprintf("Proto (0x%.4x)", ntohs(vlan->h_vlan_encapsulated_proto)); tprintf(" ]\n"); pkt_set_dissector(pkt, ð_lay2, ntohs(vlan->h_vlan_encapsulated_proto)); } static void vlan_less(struct pkt_buff *pkt) { uint16_t tci; struct vlanhdr *vlan = (struct vlanhdr *) pkt_pull(pkt, sizeof(*vlan)); if (vlan == NULL) return; tci = ntohs(vlan->h_vlan_TCI); tprintf(" VLAN%d", (tci & 0x0FFF)); pkt_set_dissector(pkt, ð_lay2, ntohs(vlan->h_vlan_encapsulated_proto)); } struct protocol vlan_ops = { .key = 0x8100, .print_full = vlan, .print_less = vlan_less, }; > net-next plumbingsTobias Klauser
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeon Yu <chianglungyu@gmail.com>2016-10-27 17:46:50 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2016-10-27 18:43:43 -0700
commit06b2849d103f4a91212876a211d0d7df227a9513 (patch)
treede0cb888759169d999054497f35faa8f06b4765e
parent37df49f433bc3a11f5716fe65aaec5189c6402cb (diff)
proc: fix NULL dereference when reading /proc/<pid>/auxv
Reading auxv of any kernel thread results in NULL pointer dereferencing in auxv_read() where mm can be NULL. Fix that by checking for NULL mm and bailing out early. This is also the original behavior changed by recent commit c5317167854e ("proc: switch auxv to use of __mem_open()"). # cat /proc/2/auxv Unable to handle kernel NULL pointer dereference at virtual address 000000a8 Internal error: Oops: 17 [#1] PREEMPT SMP ARM CPU: 3 PID: 113 Comm: cat Not tainted 4.9.0-rc1-ARCH+ #1 Hardware name: BCM2709 task: ea3b0b00 task.stack: e99b2000 PC is at auxv_read+0x24/0x4c LR is at do_readv_writev+0x2fc/0x37c Process cat (pid: 113, stack limit = 0xe99b2210) Call chain: auxv_read do_readv_writev vfs_readv default_file_splice_read splice_direct_to_actor do_splice_direct do_sendfile SyS_sendfile64 ret_fast_syscall Fixes: c5317167854e ("proc: switch auxv to use of __mem_open()") Link: http://lkml.kernel.org/r/1476966200-14457-1-git-send-email-chianglungyu@gmail.com Signed-off-by: Leon Yu <chianglungyu@gmail.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Kees Cook <keescook@chromium.org> Cc: John Stultz <john.stultz@linaro.org> Cc: Mateusz Guzik <mguzik@redhat.com> Cc: Janis Danisevskis <jdanis@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat