The bpq ether driver is modifying the data art of the skb by first
dropping the KISS byte (a command byte for the radio) then prepending the
length + 4 of the remaining AX.25 packet to be transmitted as a little
endian 16-bit number. If the high byte of the length has a different
value than the dropped KISS byte users of clones of the skb may observe
this as corruption. This was observed with by running listen(8) -a which
uses a packet socket which clones transmit packets. The corruption will
then typically be displayed for as a KISS "TX Delay" command for AX.25
packets in the range of 252..508 bytes or any other KISS command for
yet larger packets.
Fixed by using skb_cow to create a private copy should the skb be cloned.
Using skb_cow also allows us to cleanup the old logic to ensure sufficient
headroom in the skb.
While at it, replace a return of 0 from bpq_xmit with the proper constant
NETDEV_TX_OK which is now being used everywhere else in this function.
Affected: all 2.2, 2.4 and 2.6 kernels.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Reported-by: Jann Traschewski <jann@gmx.de> Signed-off-by: David S. Miller <davem@davemloft.net>
projects / kernel.git / commit