• Jacob Wen's avatar
    l2tp: fix reading optional fields of L2TPv3 · 245426dc
    Jacob Wen authored
    [ Upstream commit 4522a70db7aa5e77526a4079628578599821b193 ]
    
    Use pskb_may_pull() to make sure the optional fields are in skb linear
    parts, so we can safely read them later.
    
    It's easy to reproduce the issue with a net driver that supports paged
    skb data. Just create a L2TPv3 over IP tunnel and then generates some
    network traffic.
    Once reproduced, rx err in /sys/kernel/debug/l2tp/tunnels will increase.
    
    Changes in v4:
    1. s/l2tp_v3_pull_opt/l2tp_v3_ensure_opt_in_linear/
    2. s/tunnel->version != L2TP_HDR_VER_2/tunnel->version == L2TP_HDR_VER_3/
    3. Add 'Fixes' in commit messages.
    
    Changes in v3:
    1. To keep consistency, move the code out of l2tp_recv_common.
    2. Use "net" instead of "net-next", since this is a bug fix.
    
    Changes in v2:
    1. Only fix L2TPv3 to make code simple.
       To fix both L2TPv3 and L2TPv2, we'd better refactor l2tp_recv_common.
       It's complicated to do so.
    2. Reloading pointers after pskb_may_pull
    
    Fixes: f7faffa3 ("l2tp: Add L2TPv3 protocol support")
    Fixes: 0d76751f ("l2tp: Add L2TPv3 IP encapsulation (no UDP) support")
    Fixes: a32e0eec ("l2tp: introduce L2TPv3 IP encapsulation support for IPv6")
    Signed-off-by: default avatarJacob Wen <jian.w.wen@oracle.com>
    Acked-by: default avatarGuillaume Nault <gnault@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    245426dc
Name
Last commit
Last update
Documentation Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...
REPORTING-BUGS Loading commit data...