diff options
| author | Srinivasarao P <spathi@codeaurora.org> | 2018-10-22 13:59:43 +0530 |
|---|---|---|
| committer | Srinivasarao P <spathi@codeaurora.org> | 2018-10-22 14:00:26 +0530 |
| commit | 392854fb08079416d260c2c5ba6369391eda11d3 (patch) | |
| tree | 42285ec908a4198122132b01300a4daf0e4e0dcb /net/ipv6 | |
| parent | 02d722f11f25bf90751ea82888850501cc255629 (diff) | |
| parent | 3eb8e735195577476e7de568bd11c2832b47d1ad (diff) | |
Merge android-4.4.162 (3eb8e73) into msm-4.4
* refs/heads/tmp-3eb8e73
Linux 4.4.162
HV: properly delay KVP packets when negotiation is in progress
Drivers: hv: kvp: fix IP Failover
Drivers: hv: util: Pass the channel information during the init call
Drivers: hv: utils: Invoke the poll function after handshake
usb: gadget: serial: fix oops when data rx'd after close
ARC: build: Get rid of toolchain check
powerpc/tm: Avoid possible userspace r1 corruption on reclaim
powerpc/tm: Fix userspace r13 corruption
net/mlx4: Use cpumask_available for eq->affinity_mask
Input: atakbd - fix Atari CapsLock behaviour
Input: atakbd - fix Atari keymap
clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs
media: af9035: prevent buffer overflow on write
x86/fpu: Finish excising 'eagerfpu'
x86/fpu: Remove struct fpu::counter
x86/fpu: Remove use_eager_fpu()
KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch
rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
net: systemport: Fix wake-up interrupt race during resume
net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
team: Forbid enslaving team device to itself
qlcnic: fix Tx descriptor corruption on 82xx devices
net/usb: cancel pending work when unbinding smsc75xx
netlabel: check for IPV4MASK in addrinfo_get
net/ipv6: Display all addresses in output of /proc/net/if_inet6
net: ipv4: update fnhe_pmtu when first hop's MTU changes
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
ip_tunnel: be careful when accessing the inner header
ip6_tunnel: be careful when accessing the inner header
bonding: avoid possible dead-lock
bnxt_en: Fix TX timeout during netpoll.
jffs2: return -ERANGE when xattr buffer is too small
xhci: Don't print a warning when setting link state for disabled ports
i2c: i2c-scmi: fix for i2c_smbus_write_block_data
perf script python: Fix export-to-postgresql.py occasional failure
mach64: detect the dot clock divider correctly on sparc
mm/vmstat.c: fix outdated vmstat_text
ext4: add corruption check in ext4_xattr_set_entry()
drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
ARM: dts: at91: add new compatibility string for macb on sama5d3
net: macb: disable scatter-gather for macb on sama5d3
stmmac: fix valid numbers of unicast filter entries
sound: enable interrupt after dma buffer initialization
mfd: omap-usb-host: Fix dts probe of children
selftests/efivarfs: add required kernel configs
ASoC: sigmadsp: safeload should not have lower byte limit
ASoC: wm8804: Add ACPI support
ANDROID: usb: gadget: f_mtp: Return error if count is negative
ANDROID: x86_64_cuttlefish_defconfig: disable CONFIG_MEMORY_STATE_TIME
Change-Id: Ie69fd3f90302d1ebe0c1217b46d8033fec4180a5
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/addrconf.c | 4 | ||||
| -rw-r--r-- | net/ipv6/ip6_tunnel.c | 13 |
2 files changed, 12 insertions, 5 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index 199658afa68b..2e478a4ad4c5 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3858,7 +3858,6 @@ static struct inet6_ifaddr *if6_get_first(struct seq_file *seq, loff_t pos) p++; continue; } - state->offset++; return ifa; } @@ -3882,13 +3881,12 @@ static struct inet6_ifaddr *if6_get_next(struct seq_file *seq, return ifa; } + state->offset = 0; while (++state->bucket < IN6_ADDR_HSIZE) { - state->offset = 0; hlist_for_each_entry_rcu_bh(ifa, &inet6_addr_lst[state->bucket], addr_lst) { if (!net_eq(dev_net(ifa->idev->dev), net)) continue; - state->offset++; return ifa; } } diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 3c2468bd0b7c..8d55abb1a689 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -1096,7 +1096,7 @@ static inline int ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) { struct ip6_tnl *t = netdev_priv(dev); - const struct iphdr *iph = ip_hdr(skb); + const struct iphdr *iph; int encap_limit = -1; struct flowi6 fl6; __u8 dsfield; @@ -1104,6 +1104,11 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) u8 tproto; int err; + /* ensure we can access the full inner ip header */ + if (!pskb_may_pull(skb, sizeof(struct iphdr))) + return -1; + + iph = ip_hdr(skb); memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); tproto = ACCESS_ONCE(t->parms.proto); @@ -1142,7 +1147,7 @@ static inline int ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) { struct ip6_tnl *t = netdev_priv(dev); - struct ipv6hdr *ipv6h = ipv6_hdr(skb); + struct ipv6hdr *ipv6h; int encap_limit = -1; __u16 offset; struct flowi6 fl6; @@ -1151,6 +1156,10 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) u8 tproto; int err; + if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) + return -1; + + ipv6h = ipv6_hdr(skb); tproto = ACCESS_ONCE(t->parms.proto); if ((tproto != IPPROTO_IPV6 && tproto != 0) || ip6_tnl_addr_conflict(t, ipv6h)) |