* [PATCH BUG-FIX] ipv6: udp: fix the wrong headroom check
@ 2011-04-20 8:52 Shan Wei
2011-04-20 10:50 ` Herbert Xu
0 siblings, 1 reply; 3+ messages in thread
From: Shan Wei @ 2011-04-20 8:52 UTC (permalink / raw)
To: kuznet, David Miller, pekkas, jmorris,
yoshfuji@linux-ipv6.org >> YOSHIFUJI Hideaki, Patrick
At this point, skb->data points to skb_transport_header.
So, headroom check is wrong.
For some case:bridge(UFO is on) + eth device(UFO is off),
there is no enough headroom for IPv6 frag head.
But headroom check is always false.
This will bring about data be moved to there prior to skb->head,
when adding IPv6 frag header to skb.
Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
---
net/ipv6/udp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 15c3774..9e305d7 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1335,7 +1335,7 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, u32 features)
skb->ip_summed = CHECKSUM_NONE;
/* Check if there is enough headroom to insert fragment header. */
- if ((skb_headroom(skb) < frag_hdr_sz) &&
+ if ((skb_mac_header(skb) < skb->head + frag_hdr_sz) &&
pskb_expand_head(skb, frag_hdr_sz, 0, GFP_ATOMIC))
goto out;
--
1.6.3.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH BUG-FIX] ipv6: udp: fix the wrong headroom check
2011-04-20 8:52 [PATCH BUG-FIX] ipv6: udp: fix the wrong headroom check Shan Wei
@ 2011-04-20 10:50 ` Herbert Xu
2011-04-21 17:39 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Herbert Xu @ 2011-04-20 10:50 UTC (permalink / raw)
To: Shan Wei
Cc: kuznet, David Miller, pekkas, jmorris,
yoshfuji@linux-ipv6.org >> YOSHIFUJI Hideaki,
Patrick McHardy, netdev
On Wed, Apr 20, 2011 at 04:52:49PM +0800, Shan Wei wrote:
> At this point, skb->data points to skb_transport_header.
> So, headroom check is wrong.
>
> For some case:bridge(UFO is on) + eth device(UFO is off),
> there is no enough headroom for IPv6 frag head.
> But headroom check is always false.
>
> This will bring about data be moved to there prior to skb->head,
> when adding IPv6 frag header to skb.
>
> Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Ouch.
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Thanks,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH BUG-FIX] ipv6: udp: fix the wrong headroom check
2011-04-20 10:50 ` Herbert Xu
@ 2011-04-21 17:39 ` David Miller
0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2011-04-21 17:39 UTC (permalink / raw)
To: herbert; +Cc: shanwei, kuznet, pekkas, jmorris, yoshfuji, kaber, netdev
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed, 20 Apr 2011 18:50:07 +0800
> On Wed, Apr 20, 2011 at 04:52:49PM +0800, Shan Wei wrote:
>> At this point, skb->data points to skb_transport_header.
>> So, headroom check is wrong.
>>
>> For some case:bridge(UFO is on) + eth device(UFO is off),
>> there is no enough headroom for IPv6 frag head.
>> But headroom check is always false.
>>
>> This will bring about data be moved to there prior to skb->head,
>> when adding IPv6 frag header to skb.
>>
>> Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
>
> Ouch.
>
> Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Applied, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-04-21 17:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-04-20 8:52 [PATCH BUG-FIX] ipv6: udp: fix the wrong headroom check Shan Wei
2011-04-20 10:50 ` Herbert Xu
2011-04-21 17:39 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).