Message ID | 1563969642-11843-1-git-send-email-yanhaishuang@cmss.chinamobile.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | ip6_gre: reload ipv6h in prepare_ip6gre_xmit_ipv6 | expand |
On Wed, Jul 24, 2019 at 08:00:42PM +0800, Haishuang Yan wrote: > Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull() > which may change skb->data, so we need to re-load ipv6h at > the right place. > > Fixes: 898b29798e36 ("ip6_gre: Refactor ip6gre xmit codes") > Cc: William Tu <u9012063@gmail.com> > Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> LGTM, thanks for the fix Acked-by: William Tu <u9012063@gmail.com> > --- > net/ipv6/ip6_gre.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c > index c2049c7..dd2d0b96 100644 > --- a/net/ipv6/ip6_gre.c > +++ b/net/ipv6/ip6_gre.c > @@ -660,12 +660,13 @@ static int prepare_ip6gre_xmit_ipv6(struct sk_buff *skb, > struct flowi6 *fl6, __u8 *dsfield, > int *encap_limit) > { > - struct ipv6hdr *ipv6h = ipv6_hdr(skb); > + struct ipv6hdr *ipv6h; > struct ip6_tnl *t = netdev_priv(dev); > __u16 offset; > > offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb)); > /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */ > + ipv6h = ipv6_hdr(skb); > > if (offset > 0) { > struct ipv6_tlv_tnl_enc_lim *tel; > -- > 1.8.3.1 > > >
From: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Date: Wed, 24 Jul 2019 20:00:42 +0800 > Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull() > which may change skb->data, so we need to re-load ipv6h at > the right place. > > Fixes: 898b29798e36 ("ip6_gre: Refactor ip6gre xmit codes") > Cc: William Tu <u9012063@gmail.com> > Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Applied and queued up for -stable, thanks.
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index c2049c7..dd2d0b96 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -660,12 +660,13 @@ static int prepare_ip6gre_xmit_ipv6(struct sk_buff *skb, struct flowi6 *fl6, __u8 *dsfield, int *encap_limit) { - struct ipv6hdr *ipv6h = ipv6_hdr(skb); + struct ipv6hdr *ipv6h; struct ip6_tnl *t = netdev_priv(dev); __u16 offset; offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb)); /* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */ + ipv6h = ipv6_hdr(skb); if (offset > 0) { struct ipv6_tlv_tnl_enc_lim *tel;
Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull() which may change skb->data, so we need to re-load ipv6h at the right place. Fixes: 898b29798e36 ("ip6_gre: Refactor ip6gre xmit codes") Cc: William Tu <u9012063@gmail.com> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> --- net/ipv6/ip6_gre.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)