linux/net/ipv4
Herbert Xu c8ac377464 [TCP]: Fix bug #5070: kernel BUG at net/ipv4/tcp_output.c:864
1) We send out a normal sized packet with TSO on to start off.
2) ICMP is received indicating a smaller MTU.
3) We send the current sk_send_head which needs to be fragmented
since it was created before the ICMP event.  The first fragment
is then sent out.

At this point the remaining fragment is allocated by tcp_fragment.
However, its size is padded to fit the L1 cache-line size therefore
creating tail-room up to 124 bytes long.

This fragment will also be sitting at sk_send_head.

4) tcp_sendmsg is called again and it stores data in the tail-room of
the fragment.
5) tcp_push_one is called by tcp_sendmsg which then calls tso_fragment
since the packet as a whole exceeds the MTU.

At this point we have a packet that has data in the head area being
fed to tso_fragment which bombs out.

My take on this is that we shouldn't ever call tcp_fragment on a TSO
socket for a packet that is yet to be transmitted since this creates
a packet on sk_send_head that cannot be extended.

So here is a patch to change it so that tso_fragment is always used
in this case.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-08-16 20:43:40 -07:00
..
ipvs [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
netfilter [PATCH] don't try to do any NAT on untracked connections 2005-08-08 11:48:28 -07:00
af_inet.c [IPV4]: Fix up lots of little whitespace indentation stuff in fib_trie. 2005-07-19 14:01:51 -07:00
ah4.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
arp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
datagram.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
devinet.c [PATCH] create a kstrdup library function 2005-06-23 09:45:18 -07:00
esp4.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
fib_frontend.c [NETLINK]: fib_lookup() via netlink 2005-06-20 13:36:39 -07:00
fib_hash.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_lookup.h [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_rules.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_semantics.c [IPV4]: Fix memory leak during fib_info hash expansion. 2005-08-05 04:12:48 -07:00
fib_trie.c [IPV4]: Fix up lots of little whitespace indentation stuff in fib_trie. 2005-07-19 14:01:51 -07:00
icmp.c [IPV4]: Debug cleanup 2005-08-08 14:26:52 -07:00
igmp.c [IPV4]: fix IPv4 leave-group group matching 2005-07-08 17:48:38 -07:00
inetpeer.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_forward.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_fragment.c [IPV4]: Debug cleanup 2005-08-08 14:26:52 -07:00
ip_gre.c [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ip_input.c [IPV4]: Snmpv2 Mib IP counter ipInAddrErrors support 2005-06-28 13:06:23 -07:00
ip_options.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_output.c [NETFILTER]: Revert nf_reset change 2005-07-12 11:57:52 -07:00
ip_sockglue.c [IPSEC]: Restrict socket policy loading to CAP_NET_ADMIN. 2005-08-06 06:33:15 -07:00
ipcomp.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
ipconfig.c [IPV4]: ipconfig.c: fix dhcp timeout behaviour 2005-06-28 13:21:12 -07:00
ipip.c [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ipmr.c [NET]: Spelling mistakes threshoulds -> thresholds 2005-07-30 17:41:59 -07:00
Kconfig [IPV4]: Fix Kconfig syntax error 2005-07-27 13:00:04 -07:00
Makefile [NET]: Move in_aton from net/ipv4/utils.c to net/core/utils.c 2005-07-27 15:24:42 -07:00
multipath_drr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_random.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_rr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_wrandom.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
proc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
protocol.c [PATCH] update Ross Biro bouncing email address 2005-05-05 16:36:49 -07:00
raw.c [IPV4]: [4/4] signed vs unsigned cleanup in net/ipv4/raw.c 2005-06-18 23:00:34 -07:00
route.c [IPV4]: Prevent oops when printing martian source 2005-07-11 21:01:42 -07:00
syncookies.c [NET] Rename open_request to request_sock 2005-06-18 22:47:21 -07:00
sysctl_net_ipv4.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_bic.c [TCP]: Add TCP BIC congestion control module. 2005-06-23 12:23:25 -07:00
tcp_cong.c [TCP]: Allow choosing TCP congestion control via sockopt. 2005-06-23 20:37:36 -07:00
tcp_diag.c [TCP]: Report congestion control algorithm in tcp_diag. 2005-06-23 12:21:28 -07:00
tcp_highspeed.c [TCP]: Add High Speed TCP congestion control module. 2005-06-23 12:24:58 -07:00
tcp_htcp.c [TCP]: Add H-TCP congestion control module. 2005-06-23 12:28:11 -07:00
tcp_hybla.c [TCP]: Add TCP Hybla congestion control module. 2005-06-23 12:26:34 -07:00
tcp_input.c [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
tcp_ipv4.c [IPV4]: Debug cleanup 2005-08-08 14:26:52 -07:00
tcp_minisocks.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_output.c [TCP]: Fix bug #5070: kernel BUG at net/ipv4/tcp_output.c:864 2005-08-16 20:43:40 -07:00
tcp_scalable.c [TCP]: Add Scalable TCP congestion control module. 2005-06-23 12:29:07 -07:00
tcp_timer.c [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
tcp_vegas.c [TCP]: Add TCP Vegas congestion control module. 2005-06-23 12:27:19 -07:00
tcp_westwood.c [TCP]: Add TCP Westwood congestion control module. 2005-06-23 12:24:09 -07:00
tcp.c [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
udp.c [IPV4]: Debug cleanup 2005-08-08 14:26:52 -07:00
xfrm4_input.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm4_output.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_policy.c [IPSEC]: Store idev entries 2005-05-03 16:27:10 -07:00
xfrm4_state.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_tunnel.c [NET]: Make ipip/ip6_tunnel independant of XFRM 2005-07-19 14:03:34 -07:00