[PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket
@ 2015-04-08 15:01 Hannes Frederic Sowa
  2015-04-08 15:01 ` [PATCH net-next 2/2] ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available Hannes Frederic Sowa
  2015-04-08 16:09 ` [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket David Miller
  0 siblings, 2 replies; 5+ messages in thread
From: Hannes Frederic Sowa @ 2015-04-08 15:01 UTC (permalink / raw)
  To: netdev; +Cc: Rick Jones, David S. Miller

The socket parameter might legally be NULL, thus sock_net is sometimes
causing a NULL pointer dereference. Using net_device pointer in dst_entry
is more reliable.

Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection")
Reported-by: Rick Jones <rick.jones2@hp.com>
Cc: Rick Jones <rick.jones2@hp.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
 net/ipv4/ip_tunnel_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 8c4dcc4..ce63ab2 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -74,7 +74,8 @@ int iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb,
 	iph->daddr	=	dst;
 	iph->saddr	=	src;
 	iph->ttl	=	ttl;
-	__ip_select_ident(sock_net(sk), iph, skb_shinfo(skb)->gso_segs ?: 1);
+	__ip_select_ident(dev_net(rt->dst.dev), iph,
+			  skb_shinfo(skb)->gso_segs ?: 1);

 	err = ip_local_out_sk(sk, skb);
 	if (unlikely(net_xmit_eval(err)))
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH net-next 2/2] ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available
  2015-04-08 15:01 [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket Hannes Frederic Sowa
@ 2015-04-08 15:01 ` Hannes Frederic Sowa
  2015-04-08 16:10   ` David Miller
  2015-04-08 16:09 ` [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket David Miller
  1 sibling, 1 reply; 5+ messages in thread
From: Hannes Frederic Sowa @ 2015-04-08 15:01 UTC (permalink / raw)
  To: netdev

Fixes: 79b16aadea32cce ("udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb().")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
 net/ipv6/sit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 6cf2026..ac35a28 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -983,7 +983,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
 
 	skb_set_inner_ipproto(skb, IPPROTO_IPV6);
 
-	err = iptunnel_xmit(skb->sk, rt, skb, fl4.saddr, fl4.daddr,
+	err = iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr,
 			    protocol, tos, ttl, df,
 			    !net_eq(tunnel->net, dev_net(dev)));
 	iptunnel_xmit_stats(err, &dev->stats, dev->tstats);
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket
  2015-04-08 15:01 [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket Hannes Frederic Sowa
  2015-04-08 15:01 ` [PATCH net-next 2/2] ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available Hannes Frederic Sowa
@ 2015-04-08 16:09 ` David Miller
  2015-04-08 17:31   ` Rick Jones
  1 sibling, 1 reply; 5+ messages in thread
From: David Miller @ 2015-04-08 16:09 UTC (permalink / raw)
  To: hannes; +Cc: netdev, rick.jones2

From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Wed,  8 Apr 2015 17:01:22 +0200

> The socket parameter might legally be NULL, thus sock_net is sometimes
> causing a NULL pointer dereference. Using net_device pointer in dst_entry
> is more reliable.
> 
> Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection")
> Reported-by: Rick Jones <rick.jones2@hp.com>
> Cc: Rick Jones <rick.jones2@hp.com>
> Cc: David S. Miller <davem@davemloft.net>
> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

Applied.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net-next 2/2] ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available
  2015-04-08 15:01 ` [PATCH net-next 2/2] ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available Hannes Frederic Sowa
@ 2015-04-08 16:10   ` David Miller
  0 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2015-04-08 16:10 UTC (permalink / raw)
  To: hannes; +Cc: netdev

From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Wed,  8 Apr 2015 17:01:23 +0200

> Fixes: 79b16aadea32cce ("udp_tunnel: Pass UDP socket down through udp_tunnel{, 6}_xmit_skb().")
> Reported-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

Applied.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket
  2015-04-08 16:09 ` [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket David Miller
@ 2015-04-08 17:31   ` Rick Jones
  0 siblings, 0 replies; 5+ messages in thread
From: Rick Jones @ 2015-04-08 17:31 UTC (permalink / raw)
  To: David Miller, hannes; +Cc: netdev

On 04/08/2015 09:09 AM, David Miller wrote:
> From: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Date: Wed,  8 Apr 2015 17:01:22 +0200
>
>> The socket parameter might legally be NULL, thus sock_net is sometimes
>> causing a NULL pointer dereference. Using net_device pointer in dst_entry
>> is more reliable.
>>
>> Fixes: b6a7719aedd7e5c ("ipv4: hash net ptr into fragmentation bucket selection")
>> Reported-by: Rick Jones <rick.jones2@hp.com>
>> Cc: Rick Jones <rick.jones2@hp.com>
>> Cc: David S. Miller <davem@davemloft.net>
>> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
>
> Applied.

Horses, barn doors, crossed i's and dotted t's but I can report that 
with that in place the problem I reported in "VxLAN system wedge in 
4.0.0-rc5+ from davem net-next?" no longer happens.

rick

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2015-04-08 17:31 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-04-08 15:01 [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket Hannes Frederic Sowa
2015-04-08 15:01 ` [PATCH net-next 2/2] ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available Hannes Frederic Sowa
2015-04-08 16:10   ` David Miller
2015-04-08 16:09 ` [PATCH net-next 1/2] ipv4: ip_tunnel: use net namespace from rtable not socket David Miller
2015-04-08 17:31   ` Rick Jones

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).