From: Pablo Neira Date: Tue, 10 May 2016 19:33:38 +0000 (+0200) Subject: gtp: reload GTPv1 header after pskb_may_pull() X-Git-Tag: v5.15~13631^2~75 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=93edb8c7f94fb3d384790ac8a83c3fb9389f6ca5;p=platform%2Fkernel%2Flinux-starfive.git gtp: reload GTPv1 header after pskb_may_pull() The GTPv1 header flags indicate the presence of optional extensions after this header. Refresh the pointer to the GTPv1 header as skb->head might have be reallocated via pskb_may_pull(). Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") Reported-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller --- diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index 8ce1104e4fdb..f7caf1e35d83 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -253,6 +253,8 @@ static int gtp1u_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb, if (!pskb_may_pull(skb, hdrlen)) return -1; + gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr)); + rcu_read_lock(); pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid)); if (!pctx) {