summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWei Zhang <asuka.com@163.com>2014-06-28 21:34:53 +0200
committerPravin B Shelar <pshelar@nicira.com>2014-06-29 23:10:48 +0200
commite0bb8c44ed5cfcc56b571758ed966ee48779024c (patch)
treebe67488d53526607888b26803f2445029c3e8470
parentopenvswitch: Fix a double free bug for the sample action (diff)
downloadlinux-e0bb8c44ed5cfcc56b571758ed966ee48779024c.tar.xz
linux-e0bb8c44ed5cfcc56b571758ed966ee48779024c.zip
openvswitch: supply a dummy err_handler of gre_cisco_protocol to prevent kernel crash
When use gre vport, openvswitch register a gre_cisco_protocol but does not supply a err_handler with it. The gre_cisco_err() in net/ipv4/gre_demux.c expect err_handler be provided with the gre_cisco_protocol implementation, and call ->err_handler() without existence check, cause the kernel crash. This patch provide a err_handler to fix this bug. This bug introduced by commit aa310701e787087d (openvswitch: Add gre tunnel support.) Signed-off-by: Wei Zhang <asuka.com@163.com> Signed-off-by: Jesse Gross <jesse@nicira.com> Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
-rw-r--r--net/openvswitch/vport-gre.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/net/openvswitch/vport-gre.c b/net/openvswitch/vport-gre.c
index 35ec4fed09e2..f49148a07da2 100644
--- a/net/openvswitch/vport-gre.c
+++ b/net/openvswitch/vport-gre.c
@@ -110,6 +110,22 @@ static int gre_rcv(struct sk_buff *skb,
return PACKET_RCVD;
}
+/* Called with rcu_read_lock and BH disabled. */
+static int gre_err(struct sk_buff *skb, u32 info,
+ const struct tnl_ptk_info *tpi)
+{
+ struct ovs_net *ovs_net;
+ struct vport *vport;
+
+ ovs_net = net_generic(dev_net(skb->dev), ovs_net_id);
+ vport = rcu_dereference(ovs_net->vport_net.gre_vport);
+
+ if (unlikely(!vport))
+ return PACKET_REJECT;
+ else
+ return PACKET_RCVD;
+}
+
static int gre_tnl_send(struct vport *vport, struct sk_buff *skb)
{
struct net *net = ovs_dp_get_net(vport->dp);
@@ -186,6 +202,7 @@ error:
static struct gre_cisco_protocol gre_protocol = {
.handler = gre_rcv,
+ .err_handler = gre_err,
.priority = 1,
};