diff options
author | Guillaume Nault <gnault@redhat.com> | 2020-10-31 01:07:25 +0100 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2020-11-03 12:55:53 -0800 |
commit | 0992d67bc2bcd723d57c6ee7883bda4524450179 (patch) | |
tree | 903f3d2bf87fd50a0bb247d5297435abfdb651e7 | |
parent | 6d89076e6ef09337a29a7b1ea4fdf2d892be9650 (diff) |
mpls: drop skb's dst in mpls_forward()
Commit 394de110a733 ("net: Added pointer check for
dst->ops->neigh_lookup in dst_neigh_lookup_skb") added a test in
dst_neigh_lookup_skb() to avoid a NULL pointer dereference. The root
cause was the MPLS forwarding code, which doesn't call skb_dst_drop()
on incoming packets. That is, if the packet is received from a
collect_md device, it has a metadata_dst attached to it that doesn't
implement any dst_ops function.
To align the MPLS behaviour with IPv4 and IPv6, let's drop the dst in
mpls_forward(). This way, dst_neigh_lookup_skb() doesn't need to test
->neigh_lookup any more. Let's keep a WARN condition though, to
document the precondition and to ease detection of such problems in the
future.
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/f8c2784c13faa54469a2aac339470b1049ca6b63.1604102750.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-rw-r--r-- | include/net/dst.h | 12 | ||||
-rw-r--r-- | net/mpls/af_mpls.c | 2 |
2 files changed, 7 insertions, 7 deletions
diff --git a/include/net/dst.h b/include/net/dst.h index 8ea8812b0b41..10f0a8399867 100644 --- a/include/net/dst.h +++ b/include/net/dst.h @@ -400,14 +400,12 @@ static inline struct neighbour *dst_neigh_lookup(const struct dst_entry *dst, co static inline struct neighbour *dst_neigh_lookup_skb(const struct dst_entry *dst, struct sk_buff *skb) { - struct neighbour *n = NULL; + struct neighbour *n; - /* The packets from tunnel devices (eg bareudp) may have only - * metadata in the dst pointer of skb. Hence a pointer check of - * neigh_lookup is needed. - */ - if (dst->ops->neigh_lookup) - n = dst->ops->neigh_lookup(dst, skb, NULL); + if (WARN_ON_ONCE(!dst->ops->neigh_lookup)) + return NULL; + + n = dst->ops->neigh_lookup(dst, skb, NULL); return IS_ERR(n) ? NULL : n; } diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c index f2868a8a50c3..47bab701555f 100644 --- a/net/mpls/af_mpls.c +++ b/net/mpls/af_mpls.c @@ -377,6 +377,8 @@ static int mpls_forward(struct sk_buff *skb, struct net_device *dev, if (!pskb_may_pull(skb, sizeof(*hdr))) goto err; + skb_dst_drop(skb); + /* Read and decode the label */ hdr = mpls_hdr(skb); dec = mpls_entry_decode(hdr); |