[PATCH] ip_tunnel:multicast process cause panic due to skb->_skb

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
@ 2014-03-03 12:18 Xin Long
  2014-03-03 20:57 ` David Miller
  0 siblings, 1 reply; 6+ messages in thread
From: Xin Long @ 2014-03-03 12:18 UTC (permalink / raw)
  To: network dev, Hannes Frederic Sowa; +Cc: Xin Long

when ip_tunnel process multicast packets, it may check if the packet is looped
back packet though 'rt_is_output_route(skb_rtable(skb))' in ip_tunnel_rcv(),
but before that , skb->_skb_refdst has been dropped in iptunnel_pull_header(),
so which leads to a panic.

fix the bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/ipv4/ip_tunnel_core.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 6156f4e..88b08aa 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -108,7 +108,6 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
 	nf_reset(skb);
 	secpath_reset(skb);
 	skb_clear_hash_if_not_l4(skb);
-	skb_dst_drop(skb);
 	skb->vlan_tci = 0;
 	skb_set_queue_mapping(skb, 0);
 	skb->pkt_type = PACKET_HOST;
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
  2014-03-03 12:18 [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer Xin Long
@ 2014-03-03 20:57 ` David Miller
  0 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2014-03-03 20:57 UTC (permalink / raw)
  To: lucien.xin; +Cc: netdev, hannes

From: Xin Long <lucien.xin@gmail.com>
Date: Mon,  3 Mar 2014 20:18:36 +0800

> when ip_tunnel process multicast packets, it may check if the packet is looped
> back packet though 'rt_is_output_route(skb_rtable(skb))' in ip_tunnel_rcv(),
> but before that , skb->_skb_refdst has been dropped in iptunnel_pull_header(),
> so which leads to a panic.
> 
> fix the bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681
> 
> Signed-off-by: Xin Long <lucien.xin@gmail.com>

Applied and queued up for -stable, thank you.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
  2014-02-28  1:27   ` lucien xin
@ 2014-03-01 17:33     ` Hannes Frederic Sowa
  0 siblings, 0 replies; 6+ messages in thread
From: Hannes Frederic Sowa @ 2014-03-01 17:33 UTC (permalink / raw)
  To: lucien xin; +Cc: network dev

On Fri, Feb 28, 2014 at 09:27:35AM +0800, lucien xin wrote:
> On Mon, Feb 24, 2014 at 10:58 PM, Hannes Frederic Sowa
> <hannes@stressinduktion.org> wrote:
> >
> > If the packet is locally forwarded we can test for IPCB(skb)->flags &
> > IPSKB_FORWARDED.
> >
> 
> thanks for  your reply,  hannes
> 
> IPSKB_FORWARDED is locally forwarded flag, but in ip_tunnel_rcv(), it
> check if the packet
> is a *looped back packet* (not about locally forwarded), the path is
> __ip_route_output_key()-->
> __mkroute_output()(rth->dst.output = ip_mc_output), then,
> ip_mc_output()-->dev_loopback_xmit(),
>  which happen when inet_sk(sk)->mc_loop =1, and in __mkroute_output(),
> rth->rt_is_input = 0.
>  In that path, IPCB(skb)->flags &IPSKB_FORWARDED always 0.
> 
> so I think 'IPCB(skb)->flags &IPSKB_FORWARDED' cannot meet the goal.

Ok, I see, sorry for the wrong hint, you're absolutely correct.

It seems to me that your original proposal is fine for me.

You would have to repost so it gets back into patchworks.

Thanks,

  Hannes

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
  2014-02-24 14:58 ` Hannes Frederic Sowa
@ 2014-02-28  1:27   ` lucien xin
  2014-03-01 17:33     ` Hannes Frederic Sowa
  0 siblings, 1 reply; 6+ messages in thread
From: lucien xin @ 2014-02-28  1:27 UTC (permalink / raw)
  To: Xin Long, network dev

On Mon, Feb 24, 2014 at 10:58 PM, Hannes Frederic Sowa
<hannes@stressinduktion.org> wrote:
>
> If the packet is locally forwarded we can test for IPCB(skb)->flags &
> IPSKB_FORWARDED.
>

thanks for  your reply,  hannes

IPSKB_FORWARDED is locally forwarded flag, but in ip_tunnel_rcv(), it
check if the packet
is a *looped back packet* (not about locally forwarded), the path is
__ip_route_output_key()-->
__mkroute_output()(rth->dst.output = ip_mc_output), then,
ip_mc_output()-->dev_loopback_xmit(),
 which happen when inet_sk(sk)->mc_loop =1, and in __mkroute_output(),
rth->rt_is_input = 0.
 In that path, IPCB(skb)->flags &IPSKB_FORWARDED always 0.

so I think 'IPCB(skb)->flags &IPSKB_FORWARDED' cannot meet the goal.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
  2014-02-24  4:35 Xin Long
@ 2014-02-24 14:58 ` Hannes Frederic Sowa
  2014-02-28  1:27   ` lucien xin
  0 siblings, 1 reply; 6+ messages in thread
From: Hannes Frederic Sowa @ 2014-02-24 14:58 UTC (permalink / raw)
  To: Xin Long; +Cc: network dev

On Mon, Feb 24, 2014 at 12:35:19PM +0800, Xin Long wrote:
> when ip_tunnel process multicast packets, it may check if the packet is looped
> back packet though 'rt_is_output_route(skb_rtable(skb))' in ip_tunnel_rcv(),
> but before that , skb->_skb_refdst has been dropped in iptunnel_pull_header(),
> so which leads to a panic.
> 
> fix the bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681

If the packet is locally forwarded we can test for IPCB(skb)->flags &
IPSKB_FORWARDED.

I am not sure if we actually have the correct dst at that point.

Greetings,

  Hannes

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer
@ 2014-02-24  4:35 Xin Long
  2014-02-24 14:58 ` Hannes Frederic Sowa
  0 siblings, 1 reply; 6+ messages in thread
From: Xin Long @ 2014-02-24  4:35 UTC (permalink / raw)
  To: network dev; +Cc: Xin Long

when ip_tunnel process multicast packets, it may check if the packet is looped
back packet though 'rt_is_output_route(skb_rtable(skb))' in ip_tunnel_rcv(),
but before that , skb->_skb_refdst has been dropped in iptunnel_pull_header(),
so which leads to a panic.

fix the bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/ipv4/ip_tunnel_core.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 6156f4e..88b08aa 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -108,7 +108,6 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto)
 	nf_reset(skb);
 	secpath_reset(skb);
 	skb_clear_hash_if_not_l4(skb);
-	skb_dst_drop(skb);
 	skb->vlan_tci = 0;
 	skb_set_queue_mapping(skb, 0);
 	skb->pkt_type = PACKET_HOST;
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2014-03-03 20:57 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-03-03 12:18 [PATCH] ip_tunnel:multicast process cause panic due to skb->_skb_refdst NULL pointer Xin Long
2014-03-03 20:57 ` David Miller
  -- strict thread matches above, loose matches on Subject: below --
2014-02-24  4:35 Xin Long
2014-02-24 14:58 ` Hannes Frederic Sowa
2014-02-28  1:27   ` lucien xin
2014-03-01 17:33     ` Hannes Frederic Sowa

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.