From patchwork Wed Sep 12 09:21:21 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haishuang Yan X-Patchwork-Id: 968922 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cmss.chinamobile.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 429GXn03Hyz9sBZ for ; Wed, 12 Sep 2018 19:23:05 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727790AbeILO0c (ORCPT ); Wed, 12 Sep 2018 10:26:32 -0400 Received: from cmccmta2.chinamobile.com ([221.176.66.80]:59987 "EHLO cmccmta2.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726800AbeILO0c (ORCPT ); Wed, 12 Sep 2018 10:26:32 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.1]) by rmmx-syy-dmz-app08-12008 (RichMail) with SMTP id 2ee85b98dae540c-904bf; Wed, 12 Sep 2018 17:22:45 +0800 (CST) X-RM-TRANSID: 2ee85b98dae540c-904bf X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.240]) by rmsmtp-syy-appsvr01-12001 (RichMail) with SMTP id 2ee15b98dae4c31-63e5c; Wed, 12 Sep 2018 17:22:45 +0800 (CST) X-RM-TRANSID: 2ee15b98dae4c31-63e5c From: Haishuang Yan To: "David S. Miller" , Alexey Kuznetsov Cc: Jiri Benc , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH v2, net-next 1/2] ip_gre: fix parsing gre header in ipgre_err Date: Wed, 12 Sep 2018 17:21:21 +0800 Message-Id: <1536744082-3568-1-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org gre_parse_header stops parsing when csum_err is encountered, which means tpi->key is undefined and ip_tunnel_lookup will return NULL improperly. This patch introduce a NULL pointer as csum_err parameter. Even when csum_err is encountered, it won't return error and continue parsing gre header as expected. Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.") Reported-by: Jiri Benc Signed-off-by: Haishuang Yan --- net/ipv4/gre_demux.c | 2 +- net/ipv4/ip_gre.c | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/net/ipv4/gre_demux.c b/net/ipv4/gre_demux.c index b798862..679a527 100644 --- a/net/ipv4/gre_demux.c +++ b/net/ipv4/gre_demux.c @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, options = (__be32 *)(greh + 1); if (greh->flags & GRE_CSUM) { - if (skb_checksum_simple_validate(skb)) { + if (csum_err && skb_checksum_simple_validate(skb)) { *csum_err = true; return -EINVAL; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 8cce0e9..c3385a8 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -232,13 +232,10 @@ static void gre_err(struct sk_buff *skb, u32 info) const int type = icmp_hdr(skb)->type; const int code = icmp_hdr(skb)->code; struct tnl_ptk_info tpi; - bool csum_err = false; - if (gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), - iph->ihl * 4) < 0) { - if (!csum_err) /* ignore csum errors. */ - return; - } + if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP), + iph->ihl * 4) < 0) + return; if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { ipv4_update_pmtu(skb, dev_net(skb->dev), info, From patchwork Wed Sep 12 09:21:22 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Haishuang Yan X-Patchwork-Id: 968921 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=cmss.chinamobile.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 429GXg3cZPz9sBx for ; Wed, 12 Sep 2018 19:22:59 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727999AbeILO0d (ORCPT ); Wed, 12 Sep 2018 10:26:33 -0400 Received: from cmccmta2.chinamobile.com ([221.176.66.80]:48971 "EHLO cmccmta2.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726818AbeILO0c (ORCPT ); Wed, 12 Sep 2018 10:26:32 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.7]) by rmmx-syy-dmz-app06-12006 (RichMail) with SMTP id 2ee65b98daeb3b1-90b99; Wed, 12 Sep 2018 17:22:51 +0800 (CST) X-RM-TRANSID: 2ee65b98daeb3b1-90b99 X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.240]) by rmsmtp-syy-appsvr04-12004 (RichMail) with SMTP id 2ee45b98dae946f-6408d; Wed, 12 Sep 2018 17:22:51 +0800 (CST) X-RM-TRANSID: 2ee45b98dae946f-6408d From: Haishuang Yan To: "David S. Miller" , Alexey Kuznetsov Cc: Jiri Benc , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH v2, net-next 2/2] ip6_gre: simplify gre header parsing in ip6gre_err Date: Wed, 12 Sep 2018 17:21:22 +0800 Message-Id: <1536744082-3568-2-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 In-Reply-To: <1536744082-3568-1-git-send-email-yanhaishuang@cmss.chinamobile.com> References: <1536744082-3568-1-git-send-email-yanhaishuang@cmss.chinamobile.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Same as ip_gre, use gre_parse_header to parse gre header in gre error handler code. Signed-off-by: Haishuang Yan --- net/ipv6/ip6_gre.c | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c index e493b04..515adbd 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -427,35 +427,17 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt, u8 type, u8 code, int offset, __be32 info) { struct net *net = dev_net(skb->dev); - const struct gre_base_hdr *greh; const struct ipv6hdr *ipv6h; - int grehlen = sizeof(*greh); + struct tnl_ptk_info tpi; struct ip6_tnl *t; - int key_off = 0; - __be16 flags; - __be32 key; - if (!pskb_may_pull(skb, offset + grehlen)) - return; - greh = (const struct gre_base_hdr *)(skb->data + offset); - flags = greh->flags; - if (flags & (GRE_VERSION | GRE_ROUTING)) + if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IPV6), + offset) < 0) return; - if (flags & GRE_CSUM) - grehlen += 4; - if (flags & GRE_KEY) { - key_off = grehlen + offset; - grehlen += 4; - } - if (!pskb_may_pull(skb, offset + grehlen)) - return; ipv6h = (const struct ipv6hdr *)skb->data; - greh = (const struct gre_base_hdr *)(skb->data + offset); - key = key_off ? *(__be32 *)(skb->data + key_off) : 0; - t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr, - key, greh->protocol); + tpi.key, tpi.proto); if (!t) return;