Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2311296imm; Mon, 28 May 2018 05:53:13 -0700 (PDT) X-Google-Smtp-Source: AB8JxZomM9HX8fDhDjzF1jsSqVUExRuI2nYd4UfudfY2uOd9B6YrrTJ1yDNJtFoklHcsEd9hIxMN X-Received: by 2002:a62:1e02:: with SMTP id e2-v6mr13463470pfe.212.1527511993327; Mon, 28 May 2018 05:53:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527511993; cv=none; d=google.com; s=arc-20160816; b=BCtihGwuEx1xqS8A4IxlOQh/KhSreP//KSKGqO0qPGVBR+zjYkq6z2xD8ZVFwkIXAs ZZ1OXxDiZGLGzk7VaJ90MTy3BUSYeti8JU2mhggYE55dKa27CloXnqVfQq3XEpZtMx7J AgUpS8dRqh38EbF0gf/itGqGTyaTTeBQDymUZjApxqBYFwYcj5VparbN+1u7SnT8qi6I dmNYy4kKTPUMjBpHfhg1PtR4Z8GOoQQOjCHBxv31PdV2jBBc2LBTtQxQldSMPP5ulPob 6d6UMmv4k7ZxB6KpOXxHQ1eKfKZ88KOSnx/bnZOM/X27N7eFHf5UTpkaYB2qwes8E3LU HQZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=UZCmYFxxSGZ3uOUX9PtGk0CdoxKYwCuH8YHEQxZUB0E=; b=Kv2HGWN/YCtZC3iq3uTDadWmtaIuLxTvNLuGqn2Xve4Rv8/lyt7XSvwUiniDqixTG1 04MrZu6xQIsfjwnGhHtTSFY22qEfHV12XgWjqKdx/oHbDc1uKQQdHqaz33josWm219OV YmBkZh5xIAmoUJCPOEWjrEYURJbEMtdOef2a4cTLtq0tDOvQu45+qaJPqsyJmnR9hsqL w2oE+XcAWVGek8IpjFH9XliyIbO8nZYMTYKmu3W3/JEQ6M2uZiRkOwSir8rpptD8rnBH r3oe1Oyy6ibiSmXJgbEmBTaaORNHf7H+jHOdrQmBhIZUKghlrkclxmhagZDO3OLEoMLP UL4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=aTRJJ/bA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a16-v6si7394395pfk.350.2018.05.28.05.52.59; Mon, 28 May 2018 05:53:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=aTRJJ/bA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S938083AbeE1MwK (ORCPT + 99 others); Mon, 28 May 2018 08:52:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:44400 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1164447AbeE1Kzz (ORCPT ); Mon, 28 May 2018 06:55:55 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 04EA3208A1; Mon, 28 May 2018 10:55:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527504954; bh=AOrRhLl/zqpGCVusVO8Pq1hs8Vx8MABcAzFiH5+x1lc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aTRJJ/bA10BhQxm+LAdZEkCN2adC0QIACaN4Wg9q6n/q5fOmeICamAQ2FAouFXbek SazExRHeYL5xyzx3EaKwWSVf1DP2sOV1cuein43gQjdplZL+G5gwVFi9hc3Gp3LWfE A375kUf9LSZ3EgRhV9aBbadJepBeABlot0m3XLwk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Toshiaki Makita , "David S. Miller" , Sasha Levin Subject: [PATCH 4.14 315/496] vlan: Fix vlan insertion for packets without ethernet header Date: Mon, 28 May 2018 12:01:40 +0200 Message-Id: <20180528100333.104173363@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180528100319.498712256@linuxfoundation.org> References: <20180528100319.498712256@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Toshiaki Makita [ Upstream commit c769accdf3d8a103940bea2979b65556718567e9 ] In some situation vlan packets do not have ethernet headers. One example is packets from tun devices. Users can specify vlan protocol in tun_pi field instead of IP protocol. When we have a vlan device with reorder_hdr disabled on top of the tun device, such packets from tun devices are untagged in skb_vlan_untag() and vlan headers will be inserted back in vlan_insert_inner_tag(). vlan_insert_inner_tag() however did not expect packets without ethernet headers, so in such a case size argument for memmove() underflowed. We don't need to copy headers for packets which do not have preceding headers of vlan headers, so skip memmove() in that case. Also don't write vlan protocol in skb->data when it does not have enough room for it. Fixes: cbe7128c4b92 ("vlan: Fix out of order vlan headers with reorder header off") Signed-off-by: Toshiaki Makita Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- include/linux/if_vlan.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- a/include/linux/if_vlan.h +++ b/include/linux/if_vlan.h @@ -323,13 +323,24 @@ static inline int __vlan_insert_inner_ta skb_push(skb, VLAN_HLEN); /* Move the mac header sans proto to the beginning of the new header. */ - memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN); + if (likely(mac_len > ETH_TLEN)) + memmove(skb->data, skb->data + VLAN_HLEN, mac_len - ETH_TLEN); skb->mac_header -= VLAN_HLEN; veth = (struct vlan_ethhdr *)(skb->data + mac_len - ETH_HLEN); /* first, the ethernet type */ - veth->h_vlan_proto = vlan_proto; + if (likely(mac_len >= ETH_TLEN)) { + /* h_vlan_encapsulated_proto should already be populated, and + * skb->data has space for h_vlan_proto + */ + veth->h_vlan_proto = vlan_proto; + } else { + /* h_vlan_encapsulated_proto should not be populated, and + * skb->data has no space for h_vlan_proto + */ + veth->h_vlan_encapsulated_proto = skb->protocol; + } /* now, the TCI */ veth->h_vlan_TCI = htons(vlan_tci);