[hardy CVE 1/1] gre: fix netns vs proto registration ordering

[Andy Whitcroft]

From: Alexey Dobriyan <adobriyan at gmail.com>

GRE protocol receive hook can be called right after protocol addition is done.
If netns stuff is not yet initialized, we're going to oops in
net_generic().

This is remotely oopsable if ip_gre is compiled as module and packet
comes at unfortunate moment of module loading.

Signed-off-by: Alexey Dobriyan <adobriyan at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

(backport from commit c2892f02712e9516d72841d5c019ed6916329794)
CVE-2011-1767
BugLink: http://bugs.launchpad.net/bugs/869213
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
 net/ipv4/ip_gre.c |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 4b93f32..73da30a 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1268,28 +1268,30 @@ static int __init ipgre_init(void)
 
 	printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
 
-	if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
-		printk(KERN_INFO "ipgre init: can't add protocol\n");
-		return -EAGAIN;
-	}
-
 	ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
 					   ipgre_tunnel_setup);
 	if (!ipgre_fb_tunnel_dev) {
 		err = -ENOMEM;
-		goto err1;
+		goto out;;
 	}
 
 	ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init;
 
 	if ((err = register_netdev(ipgre_fb_tunnel_dev)))
+		goto err1;
+
+	if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+		printk(KERN_INFO "ipgre init: can't add protocol\n");
+		err = -EAGAIN;
 		goto err2;
+	}
+
 out:
 	return err;
 err2:
-	free_netdev(ipgre_fb_tunnel_dev);
+	unregister_netdev(ipgre_fb_tunnel_dev);
 err1:
-	inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
+	free_netdev(ipgre_fb_tunnel_dev);
 	goto out;
 }
 
-- 
1.7.5.4