From mboxrd@z Thu Jan 1 00:00:00 1970 From: Willem de Bruijn Subject: [PATCH net] packet: reset network header if packet shorter than ll reserved space Date: Wed, 11 Jul 2018 12:00:45 -0400 Message-ID: <20180711160046.198091-2-willemdebruijn.kernel@gmail.com> References: <20180711160046.198091-1-willemdebruijn.kernel@gmail.com> Cc: davem@davemloft.net, Willem de Bruijn To: netdev@vger.kernel.org Return-path: Received: from mail-qt0-f194.google.com ([209.85.216.194]:43929 "EHLO mail-qt0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726429AbeGKQFv (ORCPT ); Wed, 11 Jul 2018 12:05:51 -0400 Received: by mail-qt0-f194.google.com with SMTP id f18-v6so21497755qtp.10 for ; Wed, 11 Jul 2018 09:00:51 -0700 (PDT) In-Reply-To: <20180711160046.198091-1-willemdebruijn.kernel@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Willem de Bruijn If variable length link layer headers result in a packet shorter than dev->hard_header_len, reset the network header offset. Else skb->mac_len may exceed skb->len after skb_mac_reset_len. packet_sendmsg_spkt already has similar logic. Fixes: b84bbaf7a6c8 ("packet: in packet_snd start writing at link layer allocation") Signed-off-by: Willem de Bruijn --- net/packet/af_packet.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 57634bc3da74..9b27d0cd766d 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -2878,6 +2878,8 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) goto out_free; } else if (reserve) { skb_reserve(skb, -reserve); + if (len < reserve) + skb_reset_network_header(skb); } /* Returns -EFAULT on error */ -- 2.18.0.203.gfac676dfb9-goog