1 From 8aa06a725fc62fa533b99f85dcbc78a4b66457ee Mon Sep 17 00:00:00 2001
2 From: Hannes Frederic Sowa <hannes@stressinduktion.org>
3 Date: Sun, 29 Sep 2013 05:40:50 +0200
4 Subject: ipv6: gre: correct calculation of max_headroom
6 From: Hannes Frederic Sowa <hannes@stressinduktion.org>
8 [ Upstream commit 3da812d860755925da890e8c713f2d2e2d7b1bae ]
10 gre_hlen already accounts for sizeof(struct ipv6_hdr) + gre header,
11 so initialize max_headroom to zero. Otherwise the
13 if (encap_limit >= 0) {
18 increments an uninitialized variable before max_headroom was reset.
20 Found with coverity: 728539
22 Cc: Dmitry Kozlov <xeb@mail.ru>
23 Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
24 Acked-by: Eric Dumazet <edumazet@google.com>
25 Signed-off-by: David S. Miller <davem@davemloft.net>
26 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
28 net/ipv6/ip6_gre.c | 4 ++--
29 1 file changed, 2 insertions(+), 2 deletions(-)
31 --- a/net/ipv6/ip6_gre.c
32 +++ b/net/ipv6/ip6_gre.c
33 @@ -620,7 +620,7 @@ static netdev_tx_t ip6gre_xmit2(struct s
34 struct ip6_tnl *tunnel = netdev_priv(dev);
35 struct net_device *tdev; /* Device to other host */
36 struct ipv6hdr *ipv6h; /* Our new IP header */
37 - unsigned int max_headroom; /* The extra header space needed */
38 + unsigned int max_headroom = 0; /* The extra header space needed */
40 struct ipv6_tel_txoption opt;
42 @@ -693,7 +693,7 @@ static netdev_tx_t ip6gre_xmit2(struct s
43 tunnel->err_count = 0;
46 - max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen + dst->header_len;
47 + max_headroom += LL_RESERVED_SPACE(tdev) + gre_hlen + dst->header_len;
49 if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
50 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {