-
由 David Daney 提交于
As reported: This problem was discovered when doing BGP traffic with the TCP MD5 option activated, where the following call chain caused a crash: * tcp_v4_rcv * tcp_v4_timewait_ack * tcp_v4_send_ack -> follow stack variable rep.th * tcp_v4_md5_hash_hdr * tcp_md5_hash_header * sg_init_one * sg_set_buf * virt_to_page I noticed that tcp_v4_send_reset uses a similar stack variable and also calls tcp_v4_md5_hash_hdr, so it has the same problem. The networking core can indirectly call virt_to_phys() on stack addresses, if this is done from PID 0, the stack will usually be in CKSEG0, so virt_to_phys() needs to work there as well Signed-off-by: NDavid Daney <david.daney@cavium.com> Cc: linux-mips@linux-mips.org Cc: Jiang Liu <liuj97@gmail.com> Cc: eunb.song@samsung.com Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/5220/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
49c426ba