Re: [PATCH v2] net: ipv6: fix skb_over_panic in __ip6_append_data

On Thu, 10 Mar 2022 14:13:28 -0800 Tadeusz Struk wrote:

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 4788f6b37053..6d45112322a0 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1649,6 +1649,16 @@ static int __ip6_append_data(struct sock *sk, skb->protocol = htons(ETH_P_IPV6); skb->ip_summed = csummode; skb->csum = 0;

• 	/*
  

• 	 *	Check if there is still room for payload
  

• 	 */
  

TBH I think the check is self-explanatory. Not worth a banner comment, for sure.

• 	if (fragheaderlen >= mtu) {
  

• 		err = -EMSGSIZE;
  

• 		kfree_skb(skb);
  

• 		goto error;
  

• 	}
  

Not sure if Willem prefers this placement, but seems like we can lift this check out of the loop, as soon as fragheaderlen and mtu are known.

	/* reserve for fragmentation and ipsec header */
	skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
		    dst_exthdrlen);