ip6_gre: Fix a bug that clears address bits

In compatible gre module, skb->cb is solely used as ovs_gso_cb.
However, IPCB(skb) also points to skb->cb. IPCB(skb)->flags overlaps
with ovs_gso_cb.tun_dst. As a result, this bug clears the 16-23 bit
in the address of ovs_gso_cb.tun_dst and causes kernel to crash.

Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>

diff --git a/datapath/linux/compat/ip6_gre.c b/datapath/linux/compat/ip6_gre.c
index 54a76aba5169ae8c64f57ac38bcedb0a0fe5ab77..390445583ac4301fb208bbf975fdc180c418647d 100644 (file)
--- a/datapath/linux/compat/ip6_gre.c
+++ b/datapath/linux/compat/ip6_gre.c
@@ -876,9 +876,6 @@ static netdev_tx_t __gre6_xmit(struct sk_buff *skb,
        struct tnl_ptk_info tpi;
        __be16 protocol;
 
-       if (dev->type == ARPHRD_ETHER)
-               IPCB(skb)->flags = 0;
-
        if (dev->header_ops && dev->type == ARPHRD_IP6GRE)
                fl6->daddr = ((struct ipv6hdr *)skb->data)->daddr;
        else
@@ -1146,7 +1143,6 @@ static netdev_tx_t ip6erspan_tunnel_xmit(struct sk_buff *skb,
                goto tx_err;
 
        t->parms.o_flags &= ~TUNNEL_KEY;
-       IPCB(skb)->flags = 0;
 
        tun_info = ovs_skb_tunnel_info(skb);
        if (unlikely(!tun_info ||