Patch "vxlan: Pull inner IP header in vxlan_rcv()." has been added to the 6.8-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    vxlan: Pull inner IP header in vxlan_rcv().

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vxlan-pull-inner-ip-header-in-vxlan_rcv.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit c6a5b7c44c51fd08dfeda1ae6d92014cd61b4626
Author: Guillaume Nault <gnault@xxxxxxxxxx>
Date:   Tue Apr 30 18:50:13 2024 +0200

    vxlan: Pull inner IP header in vxlan_rcv().
    
    [ Upstream commit f7789419137b18e3847d0cc41afd788c3c00663d ]
    
    Ensure the inner IP header is part of skb's linear data before reading
    its ECN bits. Otherwise we might read garbage.
    One symptom is the system erroneously logging errors like
    "vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".
    
    Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
    commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
    geneve_rx()") for example). So let's reuse the same code structure for
    consistency. Maybe we'll can add a common helper in the future.
    
    Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
    Signed-off-by: Guillaume Nault <gnault@xxxxxxxxxx>
    Reviewed-by: Ido Schimmel <idosch@xxxxxxxxxx>
    Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>
    Reviewed-by: Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>
    Reviewed-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/1239c8db54efec341dd6455c77e0380f58923a3c.1714495737.git.gnault@xxxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index 743fcde565b2f..0a0b4a9717cec 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -1674,6 +1674,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
 	bool raw_proto = false;
 	void *oiph;
 	__be32 vni = 0;
+	int nh;
 
 	/* Need UDP and VXLAN header to be present */
 	if (!pskb_may_pull(skb, VXLAN_HLEN))
@@ -1762,9 +1763,25 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
 		skb->pkt_type = PACKET_HOST;
 	}
 
-	oiph = skb_network_header(skb);
+	/* Save offset of outer header relative to skb->head,
+	 * because we are going to reset the network header to the inner header
+	 * and might change skb->head.
+	 */
+	nh = skb_network_header(skb) - skb->head;
+
 	skb_reset_network_header(skb);
 
+	if (!pskb_inet_may_pull(skb)) {
+		DEV_STATS_INC(vxlan->dev, rx_length_errors);
+		DEV_STATS_INC(vxlan->dev, rx_errors);
+		vxlan_vnifilter_count(vxlan, vni, vninode,
+				      VXLAN_VNI_STATS_RX_ERRORS, 0);
+		goto drop;
+	}
+
+	/* Get the outer header. */
+	oiph = skb->head + nh;
+
 	if (!vxlan_ecn_decapsulate(vs, oiph, skb)) {
 		DEV_STATS_INC(vxlan->dev, rx_frame_errors);
 		DEV_STATS_INC(vxlan->dev, rx_errors);




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux