Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull()
which may change skb->data, so we need to re-load ipv6h at
the right place.
Fixes: 898b29798e36 ("ip6_gre: Refactor ip6gre xmit codes")
Cc: William Tu <[email protected]>
Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv6/ip6_gre.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index c2049c7..dd2d0b96 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -660,12 +660,13 @@ static int prepare_ip6gre_xmit_ipv6(struct sk_buff *skb,
struct flowi6 *fl6, __u8 *dsfield,
int *encap_limit)
{
- struct ipv6hdr *ipv6h = ipv6_hdr(skb);
+ struct ipv6hdr *ipv6h;
struct ip6_tnl *t = netdev_priv(dev);
__u16 offset;
offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
/* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
+ ipv6h = ipv6_hdr(skb);
if (offset > 0) {
struct ipv6_tlv_tnl_enc_lim *tel;
--
1.8.3.1
On Wed, Jul 24, 2019 at 08:00:42PM +0800, Haishuang Yan wrote:
> Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull()
> which may change skb->data, so we need to re-load ipv6h at
> the right place.
>
> Fixes: 898b29798e36 ("ip6_gre: Refactor ip6gre xmit codes")
> Cc: William Tu <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>
LGTM, thanks for the fix
Acked-by: William Tu <[email protected]>
> ---
> net/ipv6/ip6_gre.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index c2049c7..dd2d0b96 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -660,12 +660,13 @@ static int prepare_ip6gre_xmit_ipv6(struct sk_buff *skb,
> struct flowi6 *fl6, __u8 *dsfield,
> int *encap_limit)
> {
> - struct ipv6hdr *ipv6h = ipv6_hdr(skb);
> + struct ipv6hdr *ipv6h;
> struct ip6_tnl *t = netdev_priv(dev);
> __u16 offset;
>
> offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
> /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
> + ipv6h = ipv6_hdr(skb);
>
> if (offset > 0) {
> struct ipv6_tlv_tnl_enc_lim *tel;
> --
> 1.8.3.1
>
>
>
From: Haishuang Yan <[email protected]>
Date: Wed, 24 Jul 2019 20:00:42 +0800
> Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull()
> which may change skb->data, so we need to re-load ipv6h at
> the right place.
>
> Fixes: 898b29798e36 ("ip6_gre: Refactor ip6gre xmit codes")
> Cc: William Tu <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>
Applied and queued up for -stable, thanks.