linux/drivers/net
Paolo Abeni 22f0708a71 vxlan: fix oops in dev_fill_metadata_dst
Since the commit 0c1d70af92 ("net: use dst_cache for vxlan device")
vxlan_fill_metadata_dst() calls vxlan_get_route() passing a NULL
dst_cache pointer, so the latter should explicitly check for
valid dst_cache ptr. Unfortunately the commit d71785ffc7 ("net: add
dst_cache to ovs vxlan lwtunnel") removed said check.

As a result is possible to trigger a null pointer access calling
vxlan_fill_metadata_dst(), e.g. with:

ovs-vsctl add-br ovs-br0
ovs-vsctl add-port ovs-br0 vxlan0 -- set interface vxlan0 \
	type=vxlan options:remote_ip=192.168.1.1 \
	options:key=1234 options:dst_port=4789 ofport_request=10
ip address add dev ovs-br0 172.16.1.2/24
ovs-vsctl set Bridge ovs-br0 ipfix=@i -- --id=@i create IPFIX \
	targets=\"172.16.1.1:1234\" sampling=1
iperf -c 172.16.1.1 -u -l 1000 -b 10M -t 1 -p 1234

This commit addresses the issue passing to vxlan_get_route() the
dst_cache already available into the lwt info processed by
vxlan_fill_metadata_dst().

Fixes: d71785ffc7 ("net: add dst_cache to ovs vxlan lwtunnel")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-17 15:32:06 -05:00
..
appletalk net/appletalk: Fix kernel memory disclosure 2017-01-09 16:34:39 -05:00
arcnet
bonding netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
caif
can can: ti_hecc: add missing prepare and unprepare of the clock 2017-01-18 13:03:15 +01:00
cris
dsa net: dsa: bcm_sf2: Utilize nested MDIO read/write 2017-01-08 22:01:22 -05:00
ethernet dpaa_eth: small leak on error 2017-02-17 12:18:43 -05:00
fddi Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
fjes
hamradio NET: mkiss: Fix panic 2017-02-10 13:41:13 -05:00
hippi Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
hyperv Char/misc driver fixes for 4.10-rc7 2017-02-04 10:44:15 -08:00
ieee802154 ieee802154: atusb: fix driver to work with older firmware versions 2017-01-12 22:12:43 +01:00
ipvlan ipvlan: fix multicast processing 2016-12-23 17:53:47 -05:00
irda Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
phy net: phy: Initialize mdio clock at probe function 2017-02-09 17:10:23 -05:00
plip
ppp Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
slip Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
team
usb sierra_net: Skip validating irrelevant fields for IDLE LSIs 2017-02-09 16:41:43 -05:00
vmxnet3 Updates for 4.10 kernel merge window 2016-12-15 12:03:32 -08:00
wan net: wan: slic_ds26522: fix spelling mistake: "configurated" -> "configured" 2016-12-28 15:12:20 -05:00
wimax
wireless rtlwifi: rtl8192ce: Fix loading of incorrect firmware 2017-01-31 09:05:25 +02:00
xen-netback xen-netback: vif counters from int/long to u64 2017-02-13 21:49:53 -05:00
dummy.c dummy: expend mtu range for dummy device 2016-12-07 13:29:45 -05:00
eql.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
geneve.c geneve: avoid use-after-free of skb->data 2016-12-02 14:07:11 -05:00
gtp.c gtp: fix cross netns recv on gtp socket 2017-01-27 10:39:09 -05:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c net: introduce device min_header_len 2017-02-08 13:56:37 -05:00
macsec.c macsec: remove first zero and add attribute name in comments 2016-12-08 13:08:21 -05:00
macvlan.c driver: macvlan: Remove the rcu member of macvlan_port 2016-12-07 13:22:07 -05:00
macvtap.c macvtap: read vnet_hdr_size once 2017-02-06 22:41:27 -05:00
Makefile
mdio.c
mii.c
netconsole.c
nlmon.c nlmon: use core MTU range checking in nlmon driver 2016-12-07 13:28:26 -05:00
ntb_netdev.c
rionet.c
sb1000.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
Space.c
sungem_phy.c
tun.c tun: read vnet_hdr_sz once 2017-02-06 22:41:27 -05:00
veth.c
virtio_net.c virtio_net: reject XDP programs using header adjustment 2017-01-25 22:48:40 -05:00
vrf.c net: vrf: do not allow table id 0 2017-01-11 10:04:01 -05:00
vxlan.c vxlan: fix oops in dev_fill_metadata_dst 2017-02-17 15:32:06 -05:00
xen-netfront.c xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend() 2017-02-10 13:44:49 -05:00