Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753991AbdLTBx6 (ORCPT ); Tue, 19 Dec 2017 20:53:58 -0500 Received: from cmccmta3.chinamobile.com ([221.176.66.81]:48595 "EHLO cmccmta3.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753823AbdLTBxs (ORCPT ); Tue, 19 Dec 2017 20:53:48 -0500 X-RM-TRANSID: 2eeb5a39c2a8f48-97f0f X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 X-RM-TRANSID: 2ee35a39c2a7ab4-68630 From: Haishuang Yan To: "David S. Miller" , Alexey Kuznetsov , Hideaki YOSHIFUJI Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan , William Tu Subject: [PATCH v3,net-next] ip6_gre: fix a pontential issue in ip6erspan_rcv Date: Wed, 20 Dec 2017 09:53:19 +0800 Message-Id: <1513734799-20879-1-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1100 Lines: 39 pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at the right place. Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support") Cc: William Tu Acked-by: William Tu Signed-off-by: Haishuang Yan --- Change since v3: * Rebase on latest master branch. * Fix wrong commit information. --- net/ipv6/ip6_gre.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index 87b9892..9bd1103 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -507,12 +507,11 @@ static int ip6erspan_rcv(struct sk_buff *skb, int gre_hdr_len, struct ip6_tnl *tunnel; u8 ver; - ipv6h = ipv6_hdr(skb); - ershdr = (struct erspan_base_hdr *)skb->data; - if (unlikely(!pskb_may_pull(skb, sizeof(*ershdr)))) return PACKET_REJECT; + ipv6h = ipv6_hdr(skb); + ershdr = (struct erspan_base_hdr *)skb->data; ver = (ntohs(ershdr->ver_vlan) & VER_MASK) >> VER_OFFSET; tpi->key = cpu_to_be32(ntohs(ershdr->session_id) & ID_MASK); -- 1.8.3.1