In compatible gre module, skb->cb is solely used as ovs_gso_cb.
However, IPCB(skb) also points to skb->cb. IPCB(skb)->flags overlaps
with ovs_gso_cb.tun_dst. As a result, this bug clears the 16-23 bit
in the address of ovs_gso_cb.tun_dst and causes kernel to crash.
Signed-off-by: Yifeng Sun <pkusunyifeng@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Tested-by: Greg Rose <gvrose8192@gmail.com>
Reviewed-by: Greg Rose <gvrose8192@gmail.com>
struct tnl_ptk_info tpi;
__be16 protocol;
- if (dev->type == ARPHRD_ETHER)
- IPCB(skb)->flags = 0;
-
if (dev->header_ops && dev->type == ARPHRD_IP6GRE)
fl6->daddr = ((struct ipv6hdr *)skb->data)->daddr;
else
goto tx_err;
t->parms.o_flags &= ~TUNNEL_KEY;
- IPCB(skb)->flags = 0;
tun_info = ovs_skb_tunnel_info(skb);
if (unlikely(!tun_info ||