Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2311296imm;
        Mon, 28 May 2018 05:53:13 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZomM9HX8fDhDjzF1jsSqVUExRuI2nYd4UfudfY2uOd9B6YrrTJ1yDNJtFoklHcsEd9hIxMN
X-Received: by 2002:a62:1e02:: with SMTP id e2-v6mr13463470pfe.212.1527511993327;
        Mon, 28 May 2018 05:53:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527511993; cv=none;
        d=google.com; s=arc-20160816;
        b=BCtihGwuEx1xqS8A4IxlOQh/KhSreP//KSKGqO0qPGVBR+zjYkq6z2xD8ZVFwkIXAs
         ZZ1OXxDiZGLGzk7VaJ90MTy3BUSYeti8JU2mhggYE55dKa27CloXnqVfQq3XEpZtMx7J
         AgUpS8dRqh38EbF0gf/itGqGTyaTTeBQDymUZjApxqBYFwYcj5VparbN+1u7SnT8qi6I
         dmNYy4kKTPUMjBpHfhg1PtR4Z8GOoQQOjCHBxv31PdV2jBBc2LBTtQxQldSMPP5ulPob
         6d6UMmv4k7ZxB6KpOXxHQ1eKfKZ88KOSnx/bnZOM/X27N7eFHf5UTpkaYB2qwes8E3LU
         HQZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=UZCmYFxxSGZ3uOUX9PtGk0CdoxKYwCuH8YHEQxZUB0E=;
        b=Kv2HGWN/YCtZC3iq3uTDadWmtaIuLxTvNLuGqn2Xve4Rv8/lyt7XSvwUiniDqixTG1
         04MrZu6xQIsfjwnGhHtTSFY22qEfHV12XgWjqKdx/oHbDc1uKQQdHqaz33josWm219OV
         YmBkZh5xIAmoUJCPOEWjrEYURJbEMtdOef2a4cTLtq0tDOvQu45+qaJPqsyJmnR9hsqL
         w2oE+XcAWVGek8IpjFH9XliyIbO8nZYMTYKmu3W3/JEQ6M2uZiRkOwSir8rpptD8rnBH
         r3oe1Oyy6ibiSmXJgbEmBTaaORNHf7H+jHOdrQmBhIZUKghlrkclxmhagZDO3OLEoMLP
         UL4A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=aTRJJ/bA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a16-v6si7394395pfk.350.2018.05.28.05.52.59;
        Mon, 28 May 2018 05:53:13 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=aTRJJ/bA;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S938083AbeE1MwK (ORCPT
        <rfc822;ArcheFireLinuxKernelMain@gmail.com> + 99 others);
        Mon, 28 May 2018 08:52:10 -0400
Received: from mail.kernel.org ([198.145.29.99]:44400 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1164447AbeE1Kzz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 28 May 2018 06:55:55 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 04EA3208A1;
        Mon, 28 May 2018 10:55:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1527504954;
        bh=AOrRhLl/zqpGCVusVO8Pq1hs8Vx8MABcAzFiH5+x1lc=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=aTRJJ/bA10BhQxm+LAdZEkCN2adC0QIACaN4Wg9q6n/q5fOmeICamAQ2FAouFXbek
         SazExRHeYL5xyzx3EaKwWSVf1DP2sOV1cuein43gQjdplZL+G5gwVFi9hc3Gp3LWfE
         A375kUf9LSZ3EgRhV9aBbadJepBeABlot0m3XLwk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>,
        "David S. Miller" <davem@davemloft.net>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 315/496] vlan: Fix vlan insertion for packets without ethernet header
Date:   Mon, 28 May 2018 12:01:40 +0200
Message-Id: <20180528100333.104173363@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180528100319.498712256@linuxfoundation.org>
References: <20180528100319.498712256@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>

[ Upstream commit c769accdf3d8a103940bea2979b65556718567e9 ]

In some situation vlan packets do not have ethernet headers. One example
is packets from tun devices. Users can specify vlan protocol in tun_pi
field instead of IP protocol. When we have a vlan device with reorder_hdr
disabled on top of the tun device, such packets from tun devices are
untagged in skb_vlan_untag() and vlan headers will be inserted back in
vlan_insert_inner_tag().

vlan_insert_inner_tag() however did not expect packets without ethernet
headers, so in such a case size argument for memmove() underflowed.

We don't need to copy headers for packets which do not have preceding
headers of vlan headers, so skip memmove() in that case.
Also don't write vlan protocol in skb->data when it does not have enough
room for it.

Fixes: cbe7128c4b92 ("vlan: Fix out of order vlan headers with reorder header off")
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/linux/if_vlan.h |   15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -323,13 +323,24 @@ static inline int __vlan_insert_inner_ta
 	skb_push(skb, VLAN_HLEN);
 
 	/* Move the mac header sans proto to the beginning of the new header. */
-	memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN);
+	if (likely(mac_len > ETH_TLEN))
+		memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN);
 	skb->mac_header -= VLAN_HLEN;
 
 	veth = (struct vlan_ethhdr *)(skb->data + mac_len - ETH_HLEN);
 
 	/* first, the ethernet type */
-	veth->h_vlan_proto = vlan_proto;
+	if (likely(mac_len >= ETH_TLEN)) {
+		/* h_vlan_encapsulated_proto should already be populated, and
+		 * skb->data has space for h_vlan_proto
+		 */
+		veth->h_vlan_proto = vlan_proto;
+	} else {
+		/* h_vlan_encapsulated_proto should not be populated, and
+		 * skb->data has no space for h_vlan_proto
+		 */
+		veth->h_vlan_encapsulated_proto = skb->protocol;
+	}
 
 	/* now, the TCI */
 	veth->h_vlan_TCI = htons(vlan_tci);