From mboxrd@z Thu Jan 1 00:00:00 1970 From: Neil Horman Subject: Re: [PATCHv2 net] sctp: fix the issue that pathmtu may be set lower than MINSEGMENT Date: Wed, 4 Jul 2018 07:07:37 -0400 Message-ID: <20180704110737.GA10568@hmswarspite.think-freely.org> References: <0ebc621b57952699c67c558dde3ce61b784e3f74.1530606647.git.lucien.xin@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: network dev , linux-sctp@vger.kernel.org, davem@davemloft.net, Marcelo Ricardo Leitner , syzkaller@googlegroups.com To: Xin Long Return-path: Received: from charlotte.tuxdriver.com ([70.61.120.58]:51561 "EHLO smtp.tuxdriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932652AbeGDLIQ (ORCPT ); Wed, 4 Jul 2018 07:08:16 -0400 Content-Disposition: inline In-Reply-To: <0ebc621b57952699c67c558dde3ce61b784e3f74.1530606647.git.lucien.xin@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: On Tue, Jul 03, 2018 at 04:30:47PM +0800, Xin Long wrote: > After commit b6c5734db070 ("sctp: fix the handling of ICMP Frag Needed > for too small MTUs"), sctp_transport_update_pmtu would refetch pathmtu > from the dst and set it to transport's pathmtu without any check. > > The new pathmtu may be lower than MINSEGMENT if the dst is obsolete and > updated by .get_dst() in sctp_transport_update_pmtu. In this case, it > could have a smaller MTU as well, and thus we should validate it > against MINSEGMENT instead. > > Syzbot reported a warning in sctp_mtu_payload caused by this. > > This patch refetches the pathmtu by calling sctp_dst_mtu where it does > the check against MINSEGMENT. > > v1->v2: > - refetch the pathmtu by calling sctp_dst_mtu instead as Marcelo's > suggestion. > > Fixes: b6c5734db070 ("sctp: fix the handling of ICMP Frag Needed for too small MTUs") > Reported-by: syzbot+f0d9d7cba052f9344b03@syzkaller.appspotmail.com > Suggested-by: Marcelo Ricardo Leitner > Signed-off-by: Xin Long > --- > net/sctp/transport.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/sctp/transport.c b/net/sctp/transport.c > index 445b7ef..12cac85 100644 > --- a/net/sctp/transport.c > +++ b/net/sctp/transport.c > @@ -282,7 +282,7 @@ bool sctp_transport_update_pmtu(struct sctp_transport *t, u32 pmtu) > > if (dst) { > /* Re-fetch, as under layers may have a higher minimum size */ > - pmtu = SCTP_TRUNC4(dst_mtu(dst)); > + pmtu = sctp_dst_mtu(dst); > change = t->pathmtu != pmtu; > } > t->pathmtu = pmtu; > -- > 2.1.0 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-sctp" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Acked-by: Neil Horman