Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp300968imm; Thu, 13 Sep 2018 21:27:32 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZHq2DZfIarSsA8Lu2KrLo5rkO3nnkT58mxzARB4aEZLruQTrX5kgG7Qd97cIHwEu4hfMBx X-Received: by 2002:a63:7557:: with SMTP id f23-v6mr9817569pgn.135.1536899252913; Thu, 13 Sep 2018 21:27:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536899252; cv=none; d=google.com; s=arc-20160816; b=XedX1QqWfi46s1QwoAS12+ryZFoPoon0U5p175DXmiQbBXdTjNelntaXtvPxGS4WZ+ oWKBeFC/WJGA0oLapv+4RYAN6J8ZvgpPC9gM0cyIb6gGwDBuKd0shtXng5E6WyZ8gegn pLXBsAj9W/EMaY1P6ihrAea2YBccT5c4l6WDdlr2jWmtAMpIqY6Au6rFOPazV2Np6VmY wGywQgyErbxdMrVIaXrkkbbPsBZ1Vi8neULFsckcIW8XSduadHOnbSWdgxnUd1Yp9pbE iqyWwjFALHHjibUVmXGw+sr7+rH07kHJ2IbNw2WvUGtaz7cBOtcvji2zrUvWvkC0gBno ICrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=6CNAtg2hKXAO4WkSPAG1baqNdXKFr3C5Y122UlsXw0E=; b=g4sfeDwNNId8bLOOm+Syq0BH2VnNt56ZiJeRWdAGwoKBz4nn2Kdid05aWO1sIkpsPH aHmeGvfRqmUL3yihtdGVu08zpz1KUiyTHKcoxDXW5WEEtOWD/fweii2gKdjbdLVU6FlG BhJtPne+gkLPg8X/cDxcZLoxFTZZ9hAi4vElRH6Ti8jcmpwUqFMm7A4dpI7zdIPKCFSw tftaqkDTQhKzZ9GkIdpIXkteDPLRgHMhKNcHKMZ1ke/QlRADEtB7gDorBRnmP4KbC9ud uHfBUDnnc+Rz6yduTx5kfbpZycSjODTjSTj5Ezaqp9oyrO8tZuD/FT4TcNAz8VHpM8Lj 3Pvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z63-v6si5799680pfi.214.2018.09.13.21.27.09; Thu, 13 Sep 2018 21:27:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728078AbeINJjn (ORCPT + 99 others); Fri, 14 Sep 2018 05:39:43 -0400 Received: from cmccmta1.chinamobile.com ([221.176.66.79]:25853 "EHLO cmccmta1.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725953AbeINJjn (ORCPT ); Fri, 14 Sep 2018 05:39:43 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.1]) by rmmx-syy-dmz-app01-12001 (RichMail) with SMTP id 2ee15b9b3895d78-beec6; Fri, 14 Sep 2018 12:27:01 +0800 (CST) X-RM-TRANSID: 2ee15b9b3895d78-beec6 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.240]) by rmsmtp-syy-appsvr01-12001 (RichMail) with SMTP id 2ee15b9b3893bdb-dcdfb; Fri, 14 Sep 2018 12:27:01 +0800 (CST) X-RM-TRANSID: 2ee15b9b3893bdb-dcdfb From: Haishuang Yan To: "David S. Miller" , Alexey Kuznetsov Cc: Jiri Benc , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH v3,net-next 1/2] ip_gre: fix parsing gre header in ipgre_err Date: Fri, 14 Sep 2018 12:26:47 +0800 Message-Id: <1536899208-2958-1-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org gre_parse_header stops parsing when csum_err is encountered, which means tpi->key is undefined and ip_tunnel_lookup will return NULL improperly. This patch introduce a NULL pointer as csum_err parameter. Even when csum_err is encountered, it won't return error and continue parsing gre header as expected. Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.") Reported-by: Jiri Benc Signed-off-by: Haishuang Yan --- Changes since v3: * skb_checksum_simple_validate need to be performed in csum_err case. --- net/ipv4/gre_demux.c | 7 ++++--- net/ipv4/ip_gre.c | 9 +++------ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/net/ipv4/gre_demux.c b/net/ipv4/gre_demux.c index b798862..7efe740 100644 --- a/net/ipv4/gre_demux.c +++ b/net/ipv4/gre_demux.c @@ -86,13 +86,14 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, options = (__be32 *)(greh + 1); if (greh->flags & GRE_CSUM) { - if (skb_checksum_simple_validate(skb)) { + if (!skb_checksum_simple_validate(skb)) { + skb_checksum_try_convert(skb, IPPROTO_GRE, 0, + null_compute_pseudo); + } else if (csum_err) { *csum_err = true; return -EINVAL; } - skb_checksum_try_convert(skb, IPPROTO_GRE, 0, - null_compute_pseudo); options++; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 8cce0e9..c3385a8 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -232,13 +232,10 @@ static void gre_err(struct sk_buff *skb, u32 info) const int type = icmp_hdr(skb)->type; const int code = icmp_hdr(skb)->code; struct tnl_ptk_info tpi; - bool csum_err = false; - if (gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), - iph->ihl * 4) < 0) { - if (!csum_err) /* ignore csum errors. */ - return; - } + if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP), + iph->ihl * 4) < 0) + return; if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { ipv4_update_pmtu(skb, dev_net(skb->dev), info, -- 1.8.3.1