Message ID | 20191113192912.17546-2-andrea.mayer@uniroma2.it |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | seg6: improvements to Segment Routing in IPv6 | expand |
From: Andrea Mayer <andrea.mayer@uniroma2.it> Date: Wed, 13 Nov 2019 20:29:10 +0100 > pskb_may_pull may change pointers in header. For this reason, it is > mandatory to reload any pointer that points into skb header. > > Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it> This is a bug fix and must be separated out and submitted to 'net'. Then you must wait until 'net' is merged into 'net-next' so that you can cleanly resubmit the other changes in this series which add the new features. Actually, patch #2 looks like a bug fix as well.
On Thu, 14 Nov 2019 17:45:12 -0800 (PST) David Miller <davem@davemloft.net> wrote: > From: Andrea Mayer <andrea.mayer@uniroma2.it> > Date: Wed, 13 Nov 2019 20:29:10 +0100 > > > pskb_may_pull may change pointers in header. For this reason, it is > > mandatory to reload any pointer that points into skb header. > > > > Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it> > > This is a bug fix and must be separated out and submitted to 'net'. > > Then you must wait until 'net' is merged into 'net-next' so that you > can cleanly resubmit the other changes in this series which add the > new features. > > Actually, patch #2 looks like a bug fix as well. Hi, thanks for your review. I will submit the first two patches to 'net'. Regards, Andrea Mayer
diff --git a/net/ipv6/seg6_local.c b/net/ipv6/seg6_local.c index 9d4f75e0d33a..e187dec2eed1 100644 --- a/net/ipv6/seg6_local.c +++ b/net/ipv6/seg6_local.c @@ -75,12 +75,16 @@ static struct ipv6_sr_hdr *get_srh(struct sk_buff *skb) return NULL; srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); - len = (srh->hdrlen + 1) << 3; if (!pskb_may_pull(skb, srhoff + len)) return NULL; + /* note that pskb_may_pull may change pointers in header; + * for this reason it is necessary to reload them when needed. + */ + srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); + if (!seg6_validate_srh(srh, len)) return NULL;
pskb_may_pull may change pointers in header. For this reason, it is mandatory to reload any pointer that points into skb header. Signed-off-by: Andrea Mayer <andrea.mayer@uniroma2.it> --- net/ipv6/seg6_local.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)