[NET]: Make packet reception network namespace safe

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / ipv6 / ip6_input.c

diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 4fdded0e545a4a45449d6a6fdc9a5f24d78e0014..7d18cac3f1109d1df736106d6a562f8830f8fadb 100644 (file)
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -25,7 +25,6 @@
 #include <linux/types.h>
 #include <linux/socket.h>
 #include <linux/sockios.h>
-#include <linux/sched.h>
 #include <linux/net.h>
 #include <linux/netdevice.h>
 #include <linux/in6.h>
@@ -62,6 +61,11 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
        u32             pkt_len;
        struct inet6_dev *idev;
 
+       if (dev->nd_net != &init_net) {
+               kfree_skb(skb);
+               return 0;
+       }
+
        if (skb->pkt_type == PACKET_OTHERHOST) {
                kfree_skb(skb);
                return 0;
@@ -97,25 +101,27 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
        if (unlikely(!pskb_may_pull(skb, sizeof(*hdr))))
                goto err;
 
-       hdr = skb->nh.ipv6h;
+       hdr = ipv6_hdr(skb);
 
        if (hdr->version != 6)
                goto err;
 
-       skb->h.raw = (u8 *)(hdr + 1);
+       skb->transport_header = skb->network_header + sizeof(*hdr);
        IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
 
        pkt_len = ntohs(hdr->payload_len);
 
        /* pkt_len may be zero if Jumbo payload option is present */
        if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
-               if (pkt_len + sizeof(struct ipv6hdr) > skb->len)
-                       goto truncated;
+               if (pkt_len + sizeof(struct ipv6hdr) > skb->len) {
+                       IP6_INC_STATS_BH(idev, IPSTATS_MIB_INTRUNCATEDPKTS);
+                       goto drop;
+               }
                if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) {
                        IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS);
                        goto drop;
                }
-               hdr = skb->nh.ipv6h;
+               hdr = ipv6_hdr(skb);
        }
 
        if (hdr->nexthdr == NEXTHDR_HOP) {
@@ -129,8 +135,6 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
        rcu_read_unlock();
 
        return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish);
-truncated:
-       IP6_INC_STATS_BH(idev, IPSTATS_MIB_INTRUNCATEDPKTS);
 err:
        IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS);
 drop:
@@ -161,10 +165,10 @@ static inline int ip6_input_finish(struct sk_buff *skb)
        rcu_read_lock();
 resubmit:
        idev = ip6_dst_idev(skb->dst);
-       if (!pskb_pull(skb, skb->h.raw - skb->data))
+       if (!pskb_pull(skb, skb_transport_offset(skb)))
                goto discard;
        nhoff = IP6CB(skb)->nhoff;
-       nexthdr = skb->nh.raw[nhoff];
+       nexthdr = skb_network_header(skb)[nhoff];
 
        raw_sk = sk_head(&raw_v6_htable[nexthdr & (MAX_INET_PROTOS - 1)]);
        if (raw_sk && !ipv6_raw_deliver(skb, nexthdr))
@@ -182,9 +186,9 @@ resubmit:
                           indefinitely. */
                        nf_reset(skb);
 
-                       skb_postpull_rcsum(skb, skb->nh.raw,
-                                          skb->h.raw - skb->nh.raw);
-                       hdr = skb->nh.ipv6h;
+                       skb_postpull_rcsum(skb, skb_network_header(skb),
+                                          skb_network_header_len(skb));
+                       hdr = ipv6_hdr(skb);
                        if (ipv6_addr_is_multicast(&hdr->daddr) &&
                            !ipv6_chk_mcast_addr(skb->dev, &hdr->daddr,
                            &hdr->saddr) &&
@@ -235,8 +239,8 @@ int ip6_mc_input(struct sk_buff *skb)
 
        IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INMCASTPKTS);
 
-       hdr = skb->nh.ipv6h;
-       deliver = likely(!(skb->dev->flags & (IFF_PROMISC|IFF_ALLMULTI))) ||
+       hdr = ipv6_hdr(skb);
+       deliver = unlikely(skb->dev->flags & (IFF_PROMISC|IFF_ALLMULTI)) ||
            ipv6_chk_mcast_addr(skb->dev, &hdr->daddr, NULL);
 
        /*