From: Willem de Bruijn
Sent: 10 March 2022 22:43
On Thu, Mar 10, 2022 at 5:30 PM Jakub Kicinski kuba@kernel.org wrote:
On Thu, 10 Mar 2022 14:13:28 -0800 Tadeusz Struk wrote:
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4788f6b37053..6d45112322a0 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1649,6 +1649,16 @@ static int __ip6_append_data(struct sock *sk, skb->protocol = htons(ETH_P_IPV6); skb->ip_summed = csummode; skb->csum = 0;
/** Check if there is still room for payload*/TBH I think the check is self-explanatory. Not worth a banner comment, for sure.
if (fragheaderlen >= mtu) {err = -EMSGSIZE;kfree_skb(skb);goto error;}Not sure if Willem prefers this placement, but seems like we can lift this check out of the loop, as soon as fragheaderlen and mtu are known.
/* reserve for fragmentation and ipsec header */ skb_reserve(skb, hh_len + sizeof(struct frag_hdr) + dst_exthdrlen);Just updating this boundary check will do?
if (mtu < fragheaderlen || ((mtu - fragheaderlen) & ~7) + fragheaderlen <sizeof(struct frag_hdr)) goto emsgsize;
Both those < should be <=
But I think I'd check: if (fragheaderlen >= 1280 - sizeof (struct frag_hdr)) goto emsgsize; first (or only!)
David
- Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)