iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3ba3458fb9
linux/net
History
Jakub Sitnicki 3ba3458fb9 ipv6: Count in extension headers in skb->network_header 
When sending a UDPv6 message longer than MTU, account for the length
of fragmentable IPv6 extension headers in skb->network_header offset.
Same as we do in alloc_new_skb path in __ip6_append_data().

This ensures that later on __ip6_make_skb() will make space in
headroom for fragmentable extension headers:

	/* move skb->data to ip header from ext header */
	if (skb->data < skb_network_header(skb))
		__skb_pull(skb, skb_network_offset(skb));

Prevents a splat due to skb_under_panic:

skbuff: skb_under_panic: text:ffffffff8143397b len:2126 put:14 \
head:ffff880005bacf50 data:ffff880005bacf4a tail:0x48 end:0xc0 dev:lo
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:104!
invalid opcode: 0000 [#1] KASAN
CPU: 0 PID: 160 Comm: reproducer Not tainted 4.6.0-rc2 #65
[...]
Call Trace:
 [<ffffffff813eb7b9>] skb_push+0x79/0x80
 [<ffffffff8143397b>] eth_header+0x2b/0x100
 [<ffffffff8141e0d0>] neigh_resolve_output+0x210/0x310
 [<ffffffff814eab77>] ip6_finish_output2+0x4a7/0x7c0
 [<ffffffff814efe3a>] ip6_output+0x16a/0x280
 [<ffffffff815440c1>] ip6_local_out+0xb1/0xf0
 [<ffffffff814f1115>] ip6_send_skb+0x45/0xd0
 [<ffffffff81518836>] udp_v6_send_skb+0x246/0x5d0
 [<ffffffff8151985e>] udpv6_sendmsg+0xa6e/0x1090
[...]

Reported-by: Ji Jianwen <jiji@redhat.com>
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-07 22:41:37 -04:00
..
6lowpan 6lowpan: iphc: fix SAM/DAM bit comment 2016-03-10 19:51:29 +01:00
9p net/9p: convert to new CQ API 2016-03-10 20:54:09 -05:00
802
8021q vlan: propagate gso_max_segs 2016-03-17 21:05:01 -04:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm
ax25 ax25: add link layer header validation function 2016-03-09 22:13:01 -05:00
batman-adv batman-adv: clarify CFG80211 dependency 2016-03-02 13:45:47 -05:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
bridge Revert "bridge: Fix incorrect variable assignment on error path in br_sysfs_addbr" 2016-04-06 15:42:45 -04:00
caif net: caif: fix misleading indentation 2016-03-14 13:09:50 -04:00
can
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2016-03-26 15:53:16 -07:00
core GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU 2016-04-07 16:56:33 -04:00
dcb
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-03-17 21:06:40 -04:00
decnet net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
dns_resolver
dsa net: dsa: refine netdev event notifier 2016-03-14 16:05:32 -04:00
ethernet eth: Pull header from first fragment via eth_get_headlen 2016-02-24 13:58:05 -05:00
hsr
ieee802154 ieee802154: 6lowpan: fix return of netdev notifier 2016-02-23 20:29:40 +01:00
ipv4 GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU 2016-04-07 16:56:33 -04:00
ipv6 ipv6: Count in extension headers in skb->network_header 2016-04-07 22:41:37 -04:00
ipx
irda Merge 4.5-rc4 into tty-next 2016-02-14 14:36:04 -08:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-01-19 14:21:08 -05:00
kcm kcm: Add receive message timeout 2016-03-09 16:36:15 -05:00
key
l2tp ipv6: l2tp: fix a potential issue in l2tp_ip6_recv 2016-04-04 16:00:28 -04:00
l3mdev net: l3mdev: address selection should only consider devices in L3 domain 2016-02-26 14:22:26 -05:00
lapb
llc af_llc: fix types on llc_ui_wait_for_conn 2016-02-17 16:12:13 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-03-08 12:34:12 -05:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls mpls: autoload lwt module 2016-02-21 22:00:28 -05:00
netfilter netfilter: nfnetlink_queue: honor NFQA_CFG_F_FAIL_OPEN when netlink unicast fails 2016-03-28 17:59:20 +02:00
netlabel netlabel: do not initialise statics to NULL 2016-03-07 11:08:26 -05:00
netlink netlink: add support for NIC driver ioctls 2016-03-22 15:45:44 -04:00
netrom
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2016-03-28 15:38:59 -04:00
packet af_packet: tone down the Tx-ring unsupported spew. 2016-04-06 16:05:20 -04:00
phonet sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
rds RDS: fix congestion map corruption for PAGE_SIZE > 4k 2016-04-07 16:58:28 -04:00
rfkill Here's another round of updates for -next: 2016-03-01 17:03:27 -05:00
rose
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
sched cls_bpf: reset class and reuse major in da 2016-03-18 19:35:21 -04:00
sctp sctp: flush if we can't fit another DATA chunk 2016-04-05 15:39:44 -04:00
sunrpc Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
switchdev switchdev: fix typo in comments/doc 2016-03-24 14:51:24 -04:00
tipc tipc: make sure IPv6 header fits in skb headroom 2016-03-14 12:23:12 -04:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
vmw_vsock VSOCK: Detach QP check should filter out non matching QPs. 2016-04-06 16:39:09 -04:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
x25
xfrm xfrm: Fix crash observed during device unregistration and decryption 2016-03-24 14:29:36 -04:00
compat.c
Kconfig Make DST_CACHE a silent config option 2016-03-21 22:56:38 -04:00
Makefile kcm: Kernel Connection Multiplexor module 2016-03-09 16:36:14 -05:00
socket.c net: Fix use after free in the recvmmsg exit path 2016-03-14 12:41:49 -04:00
sysctl_net.c