diff mbox series

net: fix fragments have the disallowed options

Message ID 20220107080559.122713-1-ooppublic@163.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series net: fix fragments have the disallowed options | expand

Checks

Context Check Description
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 4 this patch: 4
netdev/cc_maintainers warning 2 maintainers not CCed: yoshfuji@linux-ipv6.org kuba@kernel.org
netdev/build_clang success Errors and warnings before: 20 this patch: 20
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 6 this patch: 6
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 19 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

ooppublic@163.com Jan. 7, 2022, 8:05 a.m. UTC 
From: caixf <ooppublic@163.com>

When in function ip_do_fragment() enter fsat path,
if skb have opthons, all fragments will have the same options.

Just guarantee the second fragment not have the disallowed options.

Signed-off-by: caixf <ooppublic@163.com>
---
 net/ipv4/ip_output.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Jakub Kicinski Jan. 12, 2022, 6:43 p.m. UTC | #1 
On Fri,  7 Jan 2022 16:05:59 +0800 ooppublic@163.com wrote:
> From: caixf <ooppublic@163.com>
> 
> When in function ip_do_fragment() enter fsat path,

fsat -> fast

> if skb have opthons, all fragments will have the same options.

opthons -> options

> Just guarantee the second fragment not have the disallowed options.

You're right. Can you send a patch which explicitly reverts these
two commits instead:

 1b9fbe813016b08e08b22ddba4ddbf9cb1b04b00
 faf482ca196a5b16007190529b3b2dd32ab3f761

I prefer the code the way it was before them, plus keeping the code how
it was could help backports.

Thanks!
Jakub Kicinski Jan. 12, 2022, 6:46 p.m. UTC | #2 
On Fri,  7 Jan 2022 16:05:59 +0800 ooppublic@163.com wrote:
> From: caixf <ooppublic@163.com>
> 
> When in function ip_do_fragment() enter fsat path,
> if skb have opthons, all fragments will have the same options.
> 
> Just guarantee the second fragment not have the disallowed options.

#regzbot ^introduced: faf482ca196a5b16007190529b3b2dd32ab3f761
Jakub Kicinski Jan. 18, 2022, 9:10 p.m. UTC | #3 
On Wed, 12 Jan 2022 10:43:24 -0800 Jakub Kicinski wrote:
> On Fri,  7 Jan 2022 16:05:59 +0800 ooppublic@163.com wrote:
> > From: caixf <ooppublic@163.com>
> > 
> > When in function ip_do_fragment() enter fsat path,  
> 
> fsat -> fast
> 
> > if skb have opthons, all fragments will have the same options.  
> 
> opthons -> options
> 
> > Just guarantee the second fragment not have the disallowed options.  
> 
> You're right. Can you send a patch which explicitly reverts these
> two commits instead:
> 
>  1b9fbe813016b08e08b22ddba4ddbf9cb1b04b00
>  faf482ca196a5b16007190529b3b2dd32ab3f761
> 
> I prefer the code the way it was before them, plus keeping the code how
> it was could help backports.

Please let us know if you're planning to send the new patch otherwise
I'll do the revert myself, it's a clear bug.
diff mbox series

Patch

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 9bca57ef8b83..ce178b5eb848 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -826,15 +826,16 @@  int ip_do_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
 		/* Everything is OK. Generate! */
 		ip_fraglist_init(skb, iph, hlen, &iter);
 
-		if (iter.frag)
-			ip_options_fragment(iter.frag);
-
 		for (;;) {
 			/* Prepare header of the next frame,
 			 * before previous one went down. */
 			if (iter.frag) {
+				bool first_frag = (iter.offset == 0);
+
 				IPCB(iter.frag)->flags = IPCB(skb)->flags;
 				ip_fraglist_prepare(skb, &iter);
+				if (first_frag)
+					ip_options_fragment(iter.frag);
 			}
 
 			skb->tstamp = tstamp;