Glenn Ruben Bakke 4c58f3282e Bluetooth: 6lowpan: Fix kernel NULL pointer dereferences ... The fixes provided in this patch assigns a valid net_device structure to skb before dispatching it for further processing. Scenario #1: ============ Bluetooth 6lowpan receives an uncompressed IPv6 header, and dispatches it to netif. The following error occurs: Null pointer dereference error #1 crash log: [ 845.854013] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 [ 845.855785] IP: [<ffffffff816e3d36>] enqueue_to_backlog+0x56/0x240 ... [ 845.909459] Call Trace: [ 845.911678] [<ffffffff816e3f64>] netif_rx_internal+0x44/0xf0 The first modification fixes the NULL pointer dereference error by assigning dev to the local_skb in order to set a valid net_device before processing the skb by netif_rx_ni(). Scenario #2: ============ Bluetooth 6lowpan receives an UDP compressed message which needs further decompression by nhc_udp. The following error occurs: Null pointer dereference error #2 crash log: [ 63.295149] BUG: unable to handle kernel NULL pointer dereference at 0000000000000840 [ 63.295931] IP: [<ffffffffc0559540>] udp_uncompress+0x320/0x626 [nhc_udp] The second modification fixes the NULL pointer dereference error by assigning dev to the local_skb in the case of a udp compressed packet. The 6lowpan udp_uncompress function expects that the net_device is set in the skb when checking lltype. Signed-off-by: Glenn Ruben Bakke <glenn.ruben.bakke@nordicsemi.no> Signed-off-by: Lukasz Duda <lukasz.duda@nordicsemi.no> Acked-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Cc: stable@vger.kernel.org # 4.4+		2016-01-23 12:21:47 +00:00
..
6lowpan	6lowpan: fix debugfs interface entry name	2015-12-20 08:21:00 +01:00
9p	... and a couple in net/9p	2016-01-04 10:29:17 -05:00
802
8021q	net: Rename NETIF_F_ALL_CSUM to NETIF_F_CSUM_MASK	2015-12-15 16:50:08 -05:00
appletalk
atm	net: Generalise wq_has_sleeper helper	2015-11-30 14:47:33 -05:00
ax25	net: add validation for the socket syscall protocol argument	2015-12-14 16:09:30 -05:00
batman-adv	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-01-11 23:55:43 -05:00
bluetooth	Bluetooth: 6lowpan: Fix kernel NULL pointer dereferences	2016-01-23 12:21:47 +00:00
bridge	bridge: Reflect MDB entries to hardware	2016-01-10 16:50:21 -05:00
caif	net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA	2015-12-01 15:45:05 -05:00
can	can: avoid using timeval for uapi	2015-10-13 17:42:34 +02:00
ceph	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client	2015-11-13 09:24:40 -08:00
core	net: bpf: reject invalid shifts	2016-01-12 17:06:53 -05:00
dcb	net/dcb: make dcbnl.c explicitly non-modular	2015-10-09 07:52:27 -07:00
dccp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2015-12-03 21:09:12 -05:00
decnet	net: add validation for the socket syscall protocol argument	2015-12-14 16:09:30 -05:00
dns_resolver	net: dns_resolver: convert time_t to time64_t	2015-11-18 16:27:46 -05:00
dsa	dsa: Register netdev before phy	2016-01-07 14:31:26 -05:00
ethernet	net: Add eth_platform_get_mac_address() helper.	2016-01-06 16:31:56 -05:00
hsr	net/hsr: fix a warning message	2015-11-23 14:56:15 -05:00
ieee802154	inet: kill unused skb_free op	2016-01-05 22:25:57 -05:00
ipv4	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-01-11 23:55:43 -05:00
ipv6	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-01-11 23:55:43 -05:00
ipx
irda	net: add validation for the socket syscall protocol argument	2015-12-14 16:09:30 -05:00
iucv	iucv: call skb_linearize() when needed	2015-12-14 16:16:44 -05:00
key	af_key: fix two typos	2015-10-23 03:05:19 -07:00
l2tp	l2tp: rely on ppp layer for skb scrubbing	2016-01-04 16:45:24 -05:00
l3mdev	net: Add netif_is_l3_slave	2015-10-07 04:27:43 -07:00
lapb
llc
mac80211	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2015-12-17 22:08:28 -05:00
mac802154	mac802154: constify ieee802154_llsec_ops structure	2016-01-04 20:40:41 +01:00
mpls	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2015-12-17 22:08:28 -05:00
netfilter	Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next	2016-01-08 20:53:16 -05:00
netlabel
netlink	genetlink: Fix off-by-one in genl_allocate_reserve_groups()	2016-01-13 10:28:06 -05:00
netrom
nfc	NFC 4.5 pull request	2016-01-04 21:48:15 -05:00
openvswitch	openvswitch: update kernel doc for struct vport	2016-01-10 23:49:21 -05:00
packet	packet: Allow packets with only a header (but no payload)	2015-11-29 22:17:17 -05:00
phonet	phonet: properly unshare skbs in phonet_rcv()	2016-01-12 12:05:38 -05:00
rds	RDS: don't pretend to use cpu notifiers	2015-12-22 15:23:05 -05:00
rfkill	Bluetooth: hci_bcm: move all Broadcom ACPI IDs to BCM HCI driver	2016-01-04 19:22:05 +01:00
rose
rxrpc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next	2016-01-12 18:57:02 -08:00
sched	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-01-11 23:55:43 -05:00
sctp	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-01-11 23:55:43 -05:00
sunrpc	sched/wait: Fix the signal handling fix	2015-12-13 14:30:59 -08:00
switchdev	switchdev: Adding MDB entry offload	2016-01-10 16:50:20 -05:00
tipc	ip_tunnel: Move stats update to iptunnel_xmit()	2015-12-25 23:32:23 -05:00
unix	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2016-01-11 23:55:43 -05:00
vmw_vsock	Revert "Merge branch 'vsock-virtio'"	2015-12-08 21:55:49 -05:00
wimax
wireless	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2015-12-17 22:08:28 -05:00
x25
xfrm	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec	2015-12-22 16:26:31 -05:00
compat.c
Kconfig	net, sched: add clsact qdisc	2016-01-10 22:13:15 -05:00
Makefile	net: Introduce L3 Master device abstraction	2015-09-29 20:40:32 -07:00
socket.c	net: add scheduling point in recvmmsg/sendmmsg	2016-01-10 22:56:29 -05:00
sysctl_net.c	net: sysctl: fix a kmemleak warning	2015-10-23 06:22:08 -07:00