Message ID | 46878d19779a655995b36701de854cb23a3bf4b5.1428505261.git.hannes@stressinduktion.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: Hannes Frederic Sowa <hannes@stressinduktion.org> Date: Wed, 8 Apr 2015 17:01:22 +0200 > The socket parameter might legally be NULL, thus sock_net is sometimes > causing a NULL pointer dereference. Using net_device pointer in dst_entry > is more reliable. > > Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection") > Reported-by: Rick Jones <rick.jones2@hp.com> > Cc: Rick Jones <rick.jones2@hp.com> > Cc: David S. Miller <davem@davemloft.net> > Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 04/08/2015 09:09 AM, David Miller wrote: > From: Hannes Frederic Sowa <hannes@stressinduktion.org> > Date: Wed, 8 Apr 2015 17:01:22 +0200 > >> The socket parameter might legally be NULL, thus sock_net is sometimes >> causing a NULL pointer dereference. Using net_device pointer in dst_entry >> is more reliable. >> >> Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection") >> Reported-by: Rick Jones <rick.jones2@hp.com> >> Cc: Rick Jones <rick.jones2@hp.com> >> Cc: David S. Miller <davem@davemloft.net> >> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> > > Applied. Horses, barn doors, crossed i's and dotted t's but I can report that with that in place the problem I reported in "VxLAN system wedge in 4.0.0-rc5+ from davem net-next?" no longer happens. rick -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index 8c4dcc4..ce63ab2 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -74,7 +74,8 @@ int iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, iph->daddr = dst; iph->saddr = src; iph->ttl = ttl; - __ip_select_ident(sock_net(sk), iph, skb_shinfo(skb)->gso_segs ?: 1); + __ip_select_ident(dev_net(rt->dst.dev), iph, + skb_shinfo(skb)->gso_segs ?: 1); err = ip_local_out_sk(sk, skb); if (unlikely(net_xmit_eval(err)))
The socket parameter might legally be NULL, thus sock_net is sometimes causing a NULL pointer dereference. Using net_device pointer in dst_entry is more reliable. Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection") Reported-by: Rick Jones <rick.jones2@hp.com> Cc: Rick Jones <rick.jones2@hp.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> --- net/ipv4/ip_tunnel_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)