This is a note to let you know that I've just added the patch titled
vlan: adjust vlan_set_encap_proto() for its callers
to the 3.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
vlan-adjust-vlan_set_encap_proto-for-its-callers.patch
and it can be found in the queue-3.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 1591b8595fd6cde710c399e5ab325fee269644a3 Mon Sep 17 00:00:00 2001
From: Cong Wang <amwang@xxxxxxxxxx>
Date: Thu, 21 Feb 2013 23:32:27 +0000
Subject: vlan: adjust vlan_set_encap_proto() for its callers
From: Cong Wang <amwang@xxxxxxxxxx>
[ Upstream commit da8c87241c26aac81a64c7e4d21d438a33018f4e ]
There are two places to call vlan_set_encap_proto():
vlan_untag() and __pop_vlan_tci().
vlan_untag() assumes skb->data points after mac addr, otherwise
the following code
vhdr = (struct vlan_hdr *) skb->data;
vlan_tci = ntohs(vhdr->h_vlan_TCI);
__vlan_hwaccel_put_tag(skb, vlan_tci);
skb_pull_rcsum(skb, VLAN_HLEN);
won't be correct. But __pop_vlan_tci() assumes points _before_
mac addr.
In vlan_set_encap_proto(), it looks for some magic L2 value
after mac addr:
rawp = skb->data;
if (*(unsigned short *) rawp == 0xFFFF)
...
Therefore __pop_vlan_tci() is obviously wrong.
A quick fix is avoiding using skb->data in vlan_set_encap_proto(),
use 'vhdr+1' is always correct in both cases.
Cc: David S. Miller <davem@xxxxxxxxxxxxx>
Cc: Jesse Gross <jesse@xxxxxxxxxx>
Signed-off-by: Cong Wang <amwang@xxxxxxxxxx>
Acked-by: Jesse Gross <jesse@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
include/linux/if_vlan.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -327,7 +327,7 @@ static inline void vlan_set_encap_proto(
struct vlan_hdr *vhdr)
{
__be16 proto;
- unsigned char *rawp;
+ unsigned short *rawp;
/*
* Was a VLAN packet, grab the encapsulated protocol, which the layer
@@ -340,8 +340,8 @@ static inline void vlan_set_encap_proto(
return;
}
- rawp = skb->data;
- if (*(unsigned short *) rawp == 0xFFFF)
+ rawp = (unsigned short *)(vhdr + 1);
+ if (*rawp == 0xFFFF)
/*
* This is a magic hack to spot IPX packets. Older Novell
* breaks the protocol design and runs IPX over 802.3 without
Patches currently in stable-queue which might be from amwang@xxxxxxxxxx are
queue-3.4/vlan-adjust-vlan_set_encap_proto-for-its-callers.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html