| From f15ca723c1ebe6c1a06bc95fda6b62cd87b44559 Mon Sep 17 00:00:00 2001 |
| From: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
| Date: Thu, 25 Jan 2018 19:03:03 +0100 |
| Subject: net: don't call update_pmtu unconditionally |
| |
| From: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
| |
| commit f15ca723c1ebe6c1a06bc95fda6b62cd87b44559 upstream. |
| |
| Some dst_ops (e.g. md_dst_ops)) doesn't set this handler. It may result to: |
| "BUG: unable to handle kernel NULL pointer dereference at (null)" |
| |
| Let's add a helper to check if update_pmtu is available before calling it. |
| |
| Fixes: 52a589d51f10 ("geneve: update skb dst pmtu on tx path") |
| Fixes: a93bf0ff4490 ("vxlan: update skb dst pmtu on tx path") |
| CC: Roman Kapl <code@rkapl.cz> |
| CC: Xin Long <lucien.xin@gmail.com> |
| Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Cc: Thomas Deutschmann <whissi@gentoo.org> |
| Cc: Eddie Chapman <eddie@ehuk.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/infiniband/ulp/ipoib/ipoib_cm.c | 3 +-- |
| drivers/net/geneve.c | 4 ++-- |
| drivers/net/vxlan.c | 6 ++---- |
| include/net/dst.h | 8 ++++++++ |
| net/ipv4/ip_tunnel.c | 3 +-- |
| net/ipv4/ip_vti.c | 2 +- |
| net/ipv6/ip6_tunnel.c | 5 ++--- |
| net/ipv6/ip6_vti.c | 2 +- |
| net/ipv6/sit.c | 4 ++-- |
| 9 files changed, 20 insertions(+), 17 deletions(-) |
| |
| --- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c |
| +++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c |
| @@ -1447,8 +1447,7 @@ void ipoib_cm_skb_too_long(struct net_de |
| struct ipoib_dev_priv *priv = ipoib_priv(dev); |
| int e = skb_queue_empty(&priv->cm.skb_queue); |
| |
| - if (skb_dst(skb)) |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| |
| skb_queue_tail(&priv->cm.skb_queue, skb); |
| if (e) |
| --- a/drivers/net/geneve.c |
| +++ b/drivers/net/geneve.c |
| @@ -829,7 +829,7 @@ static int geneve_xmit_skb(struct sk_buf |
| int mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr) - |
| GENEVE_BASE_HLEN - info->options_len - 14; |
| |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| } |
| |
| sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true); |
| @@ -875,7 +875,7 @@ static int geneve6_xmit_skb(struct sk_bu |
| int mtu = dst_mtu(dst) - sizeof(struct ipv6hdr) - |
| GENEVE_BASE_HLEN - info->options_len - 14; |
| |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| } |
| |
| sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true); |
| --- a/drivers/net/vxlan.c |
| +++ b/drivers/net/vxlan.c |
| @@ -2158,8 +2158,7 @@ static void vxlan_xmit_one(struct sk_buf |
| if (skb_dst(skb)) { |
| int mtu = dst_mtu(ndst) - VXLAN_HEADROOM; |
| |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, |
| - skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| } |
| |
| tos = ip_tunnel_ecn_encap(tos, old_iph, skb); |
| @@ -2200,8 +2199,7 @@ static void vxlan_xmit_one(struct sk_buf |
| if (skb_dst(skb)) { |
| int mtu = dst_mtu(ndst) - VXLAN6_HEADROOM; |
| |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, |
| - skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| } |
| |
| tos = ip_tunnel_ecn_encap(tos, old_iph, skb); |
| --- a/include/net/dst.h |
| +++ b/include/net/dst.h |
| @@ -520,4 +520,12 @@ static inline struct xfrm_state *dst_xfr |
| } |
| #endif |
| |
| +static inline void skb_dst_update_pmtu(struct sk_buff *skb, u32 mtu) |
| +{ |
| + struct dst_entry *dst = skb_dst(skb); |
| + |
| + if (dst && dst->ops->update_pmtu) |
| + dst->ops->update_pmtu(dst, NULL, skb, mtu); |
| +} |
| + |
| #endif /* _NET_DST_H */ |
| --- a/net/ipv4/ip_tunnel.c |
| +++ b/net/ipv4/ip_tunnel.c |
| @@ -521,8 +521,7 @@ static int tnl_update_pmtu(struct net_de |
| else |
| mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu; |
| |
| - if (skb_dst(skb)) |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| |
| if (skb->protocol == htons(ETH_P_IP)) { |
| if (!skb_is_gso(skb) && |
| --- a/net/ipv4/ip_vti.c |
| +++ b/net/ipv4/ip_vti.c |
| @@ -209,7 +209,7 @@ static netdev_tx_t vti_xmit(struct sk_bu |
| |
| mtu = dst_mtu(dst); |
| if (skb->len > mtu) { |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| if (skb->protocol == htons(ETH_P_IP)) { |
| icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, |
| htonl(mtu)); |
| --- a/net/ipv6/ip6_tunnel.c |
| +++ b/net/ipv6/ip6_tunnel.c |
| @@ -652,7 +652,7 @@ ip4ip6_err(struct sk_buff *skb, struct i |
| if (rel_info > dst_mtu(skb_dst(skb2))) |
| goto out; |
| |
| - skb_dst(skb2)->ops->update_pmtu(skb_dst(skb2), NULL, skb2, rel_info); |
| + skb_dst_update_pmtu(skb2, rel_info); |
| } |
| if (rel_type == ICMP_REDIRECT) |
| skb_dst(skb2)->ops->redirect(skb_dst(skb2), NULL, skb2); |
| @@ -1141,8 +1141,7 @@ route_lookup: |
| mtu = 576; |
| } |
| |
| - if (skb_dst(skb) && !t->parms.collect_md) |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| if (skb->len - t->tun_hlen - eth_hlen > mtu && !skb_is_gso(skb)) { |
| *pmtu = mtu; |
| err = -EMSGSIZE; |
| --- a/net/ipv6/ip6_vti.c |
| +++ b/net/ipv6/ip6_vti.c |
| @@ -486,7 +486,7 @@ vti6_xmit(struct sk_buff *skb, struct ne |
| |
| mtu = dst_mtu(dst); |
| if (!skb->ignore_df && skb->len > mtu) { |
| - skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu); |
| + skb_dst_update_pmtu(skb, mtu); |
| |
| if (skb->protocol == htons(ETH_P_IPV6)) { |
| if (mtu < IPV6_MIN_MTU) |
| --- a/net/ipv6/sit.c |
| +++ b/net/ipv6/sit.c |
| @@ -925,8 +925,8 @@ static netdev_tx_t ipip6_tunnel_xmit(str |
| df = 0; |
| } |
| |
| - if (tunnel->parms.iph.daddr && skb_dst(skb)) |
| - skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
| + if (tunnel->parms.iph.daddr) |
| + skb_dst_update_pmtu(skb, mtu); |
| |
| if (skb->len > mtu && !skb_is_gso(skb)) { |
| icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |