Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit

[PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-25
[PATCH net 2/2] ip_tunnel: Add fallback tunnels to the hash lists · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-25
Re: [PATCH net 2/2] ip_tunnel: Add fallback tunnels to the hash lists · Pravin Shelar <hidden> · 2013-09-25
Re: [PATCH net 2/2] ip_tunnel: Add fallback tunnels to the hash lists · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-26
Re: [PATCH net 2/2] ip_tunnel: Add fallback tunnels to the hash lists · Pravin Shelar <hidden> · 2013-09-26
Re: [PATCH net 2/2] ip_tunnel: Add fallback tunnels to the hash lists · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-27
Re: [PATCH net 2/2] ip_tunnel: Add fallback tunnels to the hash lists · Pravin Shelar <hidden> · 2013-09-28
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Eric Dumazet <hidden> · 2013-09-25
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-25
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Eric Dumazet <hidden> · 2013-09-25
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Pravin Shelar <hidden> · 2013-09-25
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-26
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Pravin Shelar <hidden> · 2013-09-26
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Steffen Klassert <steffen.klassert@secunet.com> · 2013-09-27
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Pravin Shelar <hidden> · 2013-09-28
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · David Miller <davem@davemloft.net> · 2013-09-30
Re: [PATCH net 1/2] ip_tunnel: Fix a memory corruption in ip_tunnel_xmit · Steffen Klassert <steffen.klassert@secunet.com> · 2013-10-01

From: David Miller <davem@davemloft.net>
Date: 2013-09-30 18:40:28

From: Pravin Shelar <redacted>
Date: Fri, 27 Sep 2013 19:34:59 -0700

All callers of iptunnel_xmit() are required to setup sufficient
headroom. So skb_push check are not necessary.

This bug shows that such a check is needed, and would have saved
people like Steffen lots of time tracking down the problem.

I think we should re-instate the check.

I also think that __skb_push() is quite dangerous, in general.  And if
it is to be used at all, it should only be used in circumstances where
all of the context necessary to assert that it cannot underflow the
buffer are right there in the same function.

In fact, the whole damn reason for the assertions in skb_push() is the
catch cases where preconditions are not met across functional
boundaries.  Exactly like the case here.

So again, __skb_push() should be changed back to skb_push() here.

Steffen can you respin these patches and make sure to:

1) Add reference to SHA1_ID and commit header line of commit
   introducing this bug, as Eric requested, in this format:

	$SHA1_ID ("Commit header line text.")

2) __skb_push() --> skb_push()

Thank you.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help