LinuxLists.cc - [PATCH] ip6_gre: fix a pontential issue in ip6erspan

2017-12-15 02:47:02

Subject: [PATCH] ip6_gre: fix a pontential issue in ip6erspan_rcv

pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at
the right place.

Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
Cc: William Tu <[email protected]>
Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv6/ip6_gre.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 68e7eef..eab4b56 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -506,12 +506,12 @@ static int ip6erspan_rcv(struct sk_buff *skb, int gre_hdr_len,
struct ip6_tnl *tunnel;
__be32 index;

- ipv6h = ipv6_hdr(skb);
- ershdr = (struct erspanhdr *)skb->data;
-
if (unlikely(!pskb_may_pull(skb, sizeof(*ershdr))))
return PACKET_REJECT;

+ ipv6h = ipv6_hdr(skb);
+ ershdr = (struct erspanhdr *)skb->data;
+
tpi->key = cpu_to_be32(ntohs(ershdr->session_id) & ID_MASK);
index = ershdr->md.index;

--
1.8.3.1

2017-12-15 16:34:46

by William Tu

[permalink] [raw]

Subject: Re: [PATCH] ip6_gre: fix a pontential issue in ip6erspan_rcv

On Thu, Dec 14, 2017 at 6:46 PM, Haishuang Yan
<[email protected]> wrote:
> pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at
> the right place.
>
> Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
> Cc: William Tu <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>
> ---

Thanks for the patch!

Acked-by: William Tu <[email protected]>

2017-12-15 19:11:15

by David Miller

[permalink] [raw]

Subject: Re: [PATCH] ip6_gre: fix a pontential issue in ip6erspan_rcv

From: Haishuang Yan <[email protected]>
Date: Fri, 15 Dec 2017 10:46:38 +0800

> pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at
> the right place.
>
> Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
> Cc: William Tu <[email protected]>
> Signed-off-by: Haishuang Yan <[email protected]>

The mentioned commit ID only exists in net-next, and this patch does not apply
cleanly there.

2017-12-16 01:27:19

by Haishuang Yan

[permalink] [raw]

Subject: Re: [PATCH] ip6_gre: fix a pontential issue in ip6erspan_rcv

> On 2017??12??16??, at ????3:11, David Miller <[email protected]> wrote:
>
> From: Haishuang Yan <[email protected]>
> Date: Fri, 15 Dec 2017 10:46:38 +0800
>
>> pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at
>> the right place.
>>
>> Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
>> Cc: William Tu <[email protected]>
>> Signed-off-by: Haishuang Yan <[email protected]>
>
> The mentioned commit ID only exists in net-next, and this patch does not apply
> cleanly there.
>

Okay, I will send v2 commit rebased on latest master and with prefix [net-next].

Thanks.