Commit 7cc46190 authored by Simon Horman's avatar Simon Horman Committed by David S. Miller

net, ipv4, ipv6: Correct assignment of skb->network_header to skb->tail

This corrects an regression introduced by "net: Use 16bits for *_headers
fields of struct skbuff" when NET_SKBUFF_DATA_USES_OFFSET is not set. In
that case skb->tail will be a pointer however skb->network_header is now
an offset.

This patch corrects the problem by adding a wrapper to return skb tail as
an offset regardless of the value of NET_SKBUFF_DATA_USES_OFFSET. It seems
that skb->tail that this offset may be more than 64k and some care has been
taken to treat such cases as an error.
Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 158874ca
...@@ -1391,6 +1391,11 @@ static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset) ...@@ -1391,6 +1391,11 @@ static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset)
skb_reset_tail_pointer(skb); skb_reset_tail_pointer(skb);
skb->tail += offset; skb->tail += offset;
} }
static inline unsigned long skb_tail_offset(const struct sk_buff *skb)
{
return skb->tail;
}
#else /* NET_SKBUFF_DATA_USES_OFFSET */ #else /* NET_SKBUFF_DATA_USES_OFFSET */
static inline unsigned char *skb_tail_pointer(const struct sk_buff *skb) static inline unsigned char *skb_tail_pointer(const struct sk_buff *skb)
{ {
...@@ -1407,6 +1412,10 @@ static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset) ...@@ -1407,6 +1412,10 @@ static inline void skb_set_tail_pointer(struct sk_buff *skb, const int offset)
skb->tail = skb->data + offset; skb->tail = skb->data + offset;
} }
static inline unsigned long skb_tail_offset(const struct sk_buff *skb)
{
return skb->tail - skb->head;
}
#endif /* NET_SKBUFF_DATA_USES_OFFSET */ #endif /* NET_SKBUFF_DATA_USES_OFFSET */
/* /*
......
...@@ -676,6 +676,8 @@ static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo ...@@ -676,6 +676,8 @@ static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo
spin_lock_irqsave(&npinfo->rx_lock, flags); spin_lock_irqsave(&npinfo->rx_lock, flags);
list_for_each_entry_safe(np, tmp, &npinfo->rx_np, rx) { list_for_each_entry_safe(np, tmp, &npinfo->rx_np, rx) {
unsigned long tail_offset;
if (!ipv6_addr_equal(daddr, &np->local_ip.in6)) if (!ipv6_addr_equal(daddr, &np->local_ip.in6))
continue; continue;
...@@ -700,7 +702,12 @@ static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo ...@@ -700,7 +702,12 @@ static void netpoll_neigh_reply(struct sk_buff *skb, struct netpoll_info *npinfo
hdr->saddr = *saddr; hdr->saddr = *saddr;
hdr->daddr = *daddr; hdr->daddr = *daddr;
send_skb->transport_header = send_skb->tail; tail_offset = skb_tail_offset(skb);
if (tail_offset > 0xffff) {
kfree_skb(send_skb);
continue;
}
skb_set_network_header(send_skb, tail_offset);
skb_put(send_skb, size); skb_put(send_skb, size);
icmp6h = (struct icmp6hdr *)skb_transport_header(skb); icmp6h = (struct icmp6hdr *)skb_transport_header(skb);
......
...@@ -2642,6 +2642,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev, ...@@ -2642,6 +2642,7 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
__be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */ __be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */
__be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */ __be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */
u16 queue_map; u16 queue_map;
unsigned long tail_offset;
if (pkt_dev->nr_labels) if (pkt_dev->nr_labels)
protocol = htons(ETH_P_MPLS_UC); protocol = htons(ETH_P_MPLS_UC);
...@@ -2708,7 +2709,12 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev, ...@@ -2708,7 +2709,12 @@ static struct sk_buff *fill_packet_ipv4(struct net_device *odev,
*vlan_encapsulated_proto = htons(ETH_P_IP); *vlan_encapsulated_proto = htons(ETH_P_IP);
} }
skb->network_header = skb->tail; tail_offset = skb_tail_offset(skb);
if (tail_offset > 0xffff) {
kfree_skb(skb);
return NULL;
}
skb_set_network_header(skb, tail_offset);
skb->transport_header = skb->network_header + sizeof(struct iphdr); skb->transport_header = skb->network_header + sizeof(struct iphdr);
skb_put(skb, sizeof(struct iphdr) + sizeof(struct udphdr)); skb_put(skb, sizeof(struct iphdr) + sizeof(struct udphdr));
skb_set_queue_mapping(skb, queue_map); skb_set_queue_mapping(skb, queue_map);
...@@ -2775,6 +2781,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev, ...@@ -2775,6 +2781,7 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
__be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */ __be16 *svlan_tci = NULL; /* Encapsulates priority and SVLAN ID */
__be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */ __be16 *svlan_encapsulated_proto = NULL; /* packet type ID field (or len) for SVLAN tag */
u16 queue_map; u16 queue_map;
unsigned long tail_offset;
if (pkt_dev->nr_labels) if (pkt_dev->nr_labels)
protocol = htons(ETH_P_MPLS_UC); protocol = htons(ETH_P_MPLS_UC);
...@@ -2822,7 +2829,12 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev, ...@@ -2822,7 +2829,12 @@ static struct sk_buff *fill_packet_ipv6(struct net_device *odev,
*vlan_encapsulated_proto = htons(ETH_P_IPV6); *vlan_encapsulated_proto = htons(ETH_P_IPV6);
} }
skb->network_header = skb->tail; tail_offset = skb_tail_offset(skb);
if (tail_offset > 0xffff) {
kfree_skb(skb);
return NULL;
}
skb_set_network_header(skb, tail_offset);
skb->transport_header = skb->network_header + sizeof(struct ipv6hdr); skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);
skb_put(skb, sizeof(struct ipv6hdr) + sizeof(struct udphdr)); skb_put(skb, sizeof(struct ipv6hdr) + sizeof(struct udphdr));
skb_set_queue_mapping(skb, queue_map); skb_set_queue_mapping(skb, queue_map);
......
...@@ -945,6 +945,7 @@ static int ipmr_cache_report(struct mr_table *mrt, ...@@ -945,6 +945,7 @@ static int ipmr_cache_report(struct mr_table *mrt,
struct igmpmsg *msg; struct igmpmsg *msg;
struct sock *mroute_sk; struct sock *mroute_sk;
int ret; int ret;
unsigned long tail_offset;
#ifdef CONFIG_IP_PIMSM #ifdef CONFIG_IP_PIMSM
if (assert == IGMPMSG_WHOLEPKT) if (assert == IGMPMSG_WHOLEPKT)
...@@ -980,7 +981,12 @@ static int ipmr_cache_report(struct mr_table *mrt, ...@@ -980,7 +981,12 @@ static int ipmr_cache_report(struct mr_table *mrt,
/* Copy the IP header */ /* Copy the IP header */
skb->network_header = skb->tail; tail_offset = skb_tail_offset(skb);
if (tail_offset > 0xffff) {
kfree_skb(skb);
return -EINVAL;
}
skb_set_network_header(skb, tail_offset);
skb_put(skb, ihl); skb_put(skb, ihl);
skb_copy_to_linear_data(skb, pkt->data, ihl); skb_copy_to_linear_data(skb, pkt->data, ihl);
ip_hdr(skb)->protocol = 0; /* Flag to the kernel this is a route add */ ip_hdr(skb)->protocol = 0; /* Flag to the kernel this is a route add */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment