diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
index 2f6739fe78af2e8e90c0a3b474c2e99c83e02994..6c2835086b57eacbcddb44a3c507e26d5a944427 100644
--- a/drivers/net/geneve.c
+++ b/drivers/net/geneve.c
@@ -822,7 +822,7 @@ static int geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev,
        __be16 sport;
        int err;
 
-       if (!pskb_inet_may_pull(skb))
+       if (!skb_vlan_inet_prepare(skb))
                return -EINVAL;
 
        if (!gs4)
@@ -929,7 +929,7 @@ static int geneve6_xmit_skb(struct sk_buff *skb, struct net_device *dev,
        __be16 sport;
        int err;
 
-       if (!pskb_inet_may_pull(skb))
+       if (!skb_vlan_inet_prepare(skb))
                return -EINVAL;
 
        if (!gs6)
diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h
index 5cd64bb2104df389250fb3c518ba00a3826c53f7..41537d5dce52412e15d7871ec604546582b10098 100644
--- a/include/net/ip_tunnels.h
+++ b/include/net/ip_tunnels.h
@@ -361,6 +361,37 @@ static inline bool pskb_inet_may_pull(struct sk_buff *skb)
        return pskb_network_may_pull(skb, nhlen);
 }
 
+/* Strict version of pskb_inet_may_pull().
+ * Once vlan headers are skipped, only accept
+ * ETH_P_IPV6 and ETH_P_IP.
+ */
+static inline __be16 skb_vlan_inet_prepare(struct sk_buff *skb)
+{
+       int nhlen, maclen;
+       __be16 type;
+
+       type = __vlan_get_protocol(skb, type, &maclen);
+
+       switch (type) {
+#if IS_ENABLED(CONFIG_IPV6)
+       case htons(ETH_P_IPV6):
+               nhlen = sizeof(struct ipv6hdr);
+               break;
+#endif
+       case htons(ETH_P_IP):
+               nhlen = sizeof(struct iphdr);
+               break;
+
+       default:
+               return 0;
+       }
+       if (pskb_may_pull(skb, maclen + nhlen))
+               return 0;
+
+       skb_set_network_header(skb, maclen);
+       return type;
+}
+
 static inline int ip_encap_hlen(struct ip_tunnel_encap *e)
 {
        const struct ip_tunnel_encap_ops *ops;