From: Haishuang Yan
To: "David S. Miller", Alexey Kuznetsov, Hideaki YOSHIFUJI
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan, William Tu
Subject: [PATCH v2,net-next] ip6_gre: fix a potential issue in ip6erspan_rcv
Date: Sat, 16 Dec 2017 10:25:25 +0800
Message-Id: <1513391125-28227-1-git-send-email-yanhaishuang@cmss.chinamobile.com>

pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at the
right place.

Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
Acked-by: William Tu
Cc: William Tu
Signed-off-by: Haishuang Yan
---
Change since v2:
  * Rebase on latest master.
---
 net/ipv6/ip6_gre.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index f210f9c..aa1512e 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c 
@@ -507,12 +507,11 @@ static int ip6erspan_rcv(struct sk_buff *skb, int gre_hdr_len, struct ip6_tnl *tunnel; u8 ver; - ipv6h = ipv6_hdr(skb); - ershdr = (struct erspan_base_hdr *)skb->data; - if (unlikely(!pskb_may_pull(skb, sizeof(*ershdr)))) return PACKET_REJECT; + ipv6h = ipv6_hdr(skb); + ershdr = (struct erspan_base_hdr *)skb->data; ver = (ntohs(ershdr->ver_vlan) & VER_MASK) >> VER_OFFSET; tpi->key = cpu_to_be32(ntohs(ershdr->session_id) & ID_MASK); pkt_md = (struct erspan_metadata *)(ershdr + 1); -- 1.8.3.1
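Review bot: pkt_md in the last context line is still computed as (ershdr + 1), but the pskb_may_pull() in this hunk only guarantees that sizeof(*ershdr) bytes are in the linear area, so the metadata that pkt_md points at is not covered by any check visible here. If the rest of ip6erspan_rcv() pulls the metadata length later, that call can move skb->data again and leave ipv6h, ershdr and pkt_md stale in exactly the way this patch fixes for the first pull. Please either pull the full header length before these assignments or reload all three pointers after every later pskb_may_pull() in the function. A short comment above the moved assignments saying that they must follow the pull would also help keep them from being hoisted back.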