https://github.com/torvalds/linux
Revision 3ba3458fb9c050718b95275a3310b74415e767e2 authored by Jakub Sitnicki on 05 April 2016, 16:41:08 UTC, committed by David S. Miller on 08 April 2016, 02:41:37 UTC
When sending a UDPv6 message longer than MTU, account for the length
of fragmentable IPv6 extension headers in skb->network_header offset.
Same as we do in alloc_new_skb path in __ip6_append_data().

This ensures that later on __ip6_make_skb() will make space in
headroom for fragmentable extension headers:

	/* move skb->data to ip header from ext header */
	if (skb->data < skb_network_header(skb))
		__skb_pull(skb, skb_network_offset(skb));

Prevents a splat due to skb_under_panic:

skbuff: skb_under_panic: text:ffffffff8143397b len:2126 put:14 \
head:ffff880005bacf50 data:ffff880005bacf4a tail:0x48 end:0xc0 dev:lo
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:104!
invalid opcode: 0000 [#1] KASAN
CPU: 0 PID: 160 Comm: reproducer Not tainted 4.6.0-rc2 #65
[...]
Call Trace:
 [<ffffffff813eb7b9>] skb_push+0x79/0x80
 [<ffffffff8143397b>] eth_header+0x2b/0x100
 [<ffffffff8141e0d0>] neigh_resolve_output+0x210/0x310
 [<ffffffff814eab77>] ip6_finish_output2+0x4a7/0x7c0
 [<ffffffff814efe3a>] ip6_output+0x16a/0x280
 [<ffffffff815440c1>] ip6_local_out+0xb1/0xf0
 [<ffffffff814f1115>] ip6_send_skb+0x45/0xd0
 [<ffffffff81518836>] udp_v6_send_skb+0x246/0x5d0
 [<ffffffff8151985e>] udpv6_sendmsg+0xa6e/0x1090
[...]

Reported-by: Ji Jianwen <jiji@redhat.com>
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 579ba85
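The headroom accounting the commit message describes, as an added user-space model (not kernel code and not part of the commit). The 16-byte reserved headroom, the 8-byte fragmentable extension header and the simplified pull/push sequence are assumptions of this model; the 14-byte link-layer push is the `put:14` from the splat.

```c
#include <stdio.h>

/* User-space model of sk_buff offsets (not kernel code). All offsets are
 * relative to skb->head, so data < 0 means a push ran below the buffer. */
struct model_skb { int data; int network_header; };

/* Assumed sizes for this model; ETH_HDR matches "put:14" in the splat. */
enum { HEADROOM = 16, ETH_HDR = 14, IP6_HDR = 40, EXT_HDR = 8 };

static void pull(struct model_skb *s, int n) { s->data += n; }
static void push(struct model_skb *s, int n) { s->data -= n; }

/* nh_offset: distance of the network header from skb->data when the first
 * skb is built. 0 models the unfixed path, EXT_HDR the fixed one.
 * Returns how many bytes the final push lands below head (0 = fits). */
static int xmit_underrun(int nh_offset)
{
    struct model_skb s = { 0, 0 };

    s.data = HEADROOM;                   /* headroom reserved for link layer */
    s.network_header = s.data + nh_offset;

    /* The check quoted in the commit message: move data up to the IP
     * header, which turns the skipped bytes into extra headroom. */
    if (s.data < s.network_header)
        pull(&s, s.network_header - s.data);

    pull(&s, IP6_HDR);                   /* step over the header area */
    push(&s, EXT_HDR);                   /* fragmentable extension header */
    push(&s, IP6_HDR);                   /* IPv6 header */
    push(&s, ETH_HDR);                   /* link-layer header */

    return s.data < 0 ? -s.data : 0;
}

int main(void)
{
    printf("unfixed: %d bytes below head\n", xmit_underrun(0));
    printf("fixed:   %d bytes below head\n", xmit_underrun(EXT_HDR));
    return 0;
}
```

With these assumed sizes the unfixed case ends 6 bytes below head, the same distance as between `head` and `data` in the splat above.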
Tip revision: 3ba3458fb9c050718b95275a3310b74415e767e2 authored by Jakub Sitnicki on 05 April 2016, 16:41:08 UTC
ipv6: Count in extension headers in skb->network_header
d102e_ucode.bin.ihex
/********************************************************/
/*  Micro code for the 8086:1229 Rev F/10               */
/********************************************************/