Message ID | 1496558623-11437-1-git-send-email-yanhaishuang@cmss.chinamobile.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Date: Sun, 4 Jun 2017 14:43:43 +0800 > Since iptunnel_pull_header() can call pskb_may_pull(), > we must reload any pointer that was related to skb->head. > > Fixes: a09a4c8dd1ec ("tunnels: Remove encapsulation offloads on decap") > Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Applied and queued up for -stable, thank you.
On Sun, 2017-06-04 at 14:43 +0800, Haishuang Yan wrote: > Since iptunnel_pull_header() can call pskb_may_pull(), > we must reload any pointer that was related to skb->head. > > Fixes: a09a4c8dd1ec ("tunnels: Remove encapsulation offloads on decap") > Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> > --- > net/ipv6/sit.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c > index 61e5902..af832e7 100644 > --- a/net/ipv6/sit.c > +++ b/net/ipv6/sit.c > @@ -657,6 +657,7 @@ static int ipip6_rcv(struct sk_buff *skb) > if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6), > !net_eq(tunnel->net, dev_net(tunnel->dev)))) > goto out; > + iph = ip_hdr(skb); > > err = IP_ECN_decapsulate(iph, skb); > if (unlikely(err)) { This seems unnecessary. By the time ipip6_rcv() is called, we already have the guarantee the IPv4 header is in skb linear part. Otherwise we could not use iph->saddr and iph->daddr in the call to ipip6_tunnel_lookup() Therefore, the pskb_may_pull() is a nop in this particular case.
From: 严海双 <yanhaishuang@cmss.chinamobile.com> Date: Tue, 6 Jun 2017 10:09:45 +0800 > >> On 5 Jun 2017, at 9:03 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote: >> >> On Sun, 2017-06-04 at 14:43 +0800, Haishuang Yan wrote: >>> Since iptunnel_pull_header() can call pskb_may_pull(), >>> we must reload any pointer that was related to skb->head. >>> >>> Fixes: a09a4c8dd1ec ("tunnels: Remove encapsulation offloads on decap") >>> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> >>> --- >>> net/ipv6/sit.c | 1 + >>> 1 file changed, 1 insertion(+) >>> >>> diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c >>> index 61e5902..af832e7 100644 >>> --- a/net/ipv6/sit.c >>> +++ b/net/ipv6/sit.c >>> @@ -657,6 +657,7 @@ static int ipip6_rcv(struct sk_buff *skb) >>> if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6), >>> !net_eq(tunnel->net, dev_net(tunnel->dev)))) >>> goto out; >>> + iph = ip_hdr(skb); >>> >>> err = IP_ECN_decapsulate(iph, skb); >>> if (unlikely(err)) { >> >> This seems unnecessary. >> >> By the time ipip6_rcv() is called, we already have the guarantee the >> IPv4 header is in skb linear part. >> >> Otherwise we could not use iph->saddr and iph->daddr in the call to >> ipip6_tunnel_lookup() >> >> Therefore, the pskb_may_pull() is a nop in this particular case. > > Yes, it’s right. Thanks! Ok, I reverted, thanks everyone.
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 61e5902..af832e7 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -657,6 +657,7 @@ static int ipip6_rcv(struct sk_buff *skb) if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6), !net_eq(tunnel->net, dev_net(tunnel->dev)))) goto out; + iph = ip_hdr(skb); err = IP_ECN_decapsulate(iph, skb); if (unlikely(err)) {
Since iptunnel_pull_header() can call pskb_may_pull(), we must reload any pointer that was related to skb->head. Fixes: a09a4c8dd1ec ("tunnels: Remove encapsulation offloads on decap") Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> --- net/ipv6/sit.c | 1 + 1 file changed, 1 insertion(+)