From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail-pf0-f171.google.com ([209.85.192.171]:36294 "EHLO mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752443AbeCWOEs (ORCPT ); Fri, 23 Mar 2018 10:04:48 -0400
Received: by mail-pf0-f171.google.com with SMTP id 68so4750970pfx.3 for ; Fri, 23 Mar 2018 07:04:48 -0700 (PDT)
Subject: Re: [PATCH net v2] ipv6: the entire IPv6 header chain must fit the first fragment
To: Paolo Abeni , netdev@vger.kernel.org
Cc: "David S. Miller" , David Ahern , syzbot , syzkaller-bugs@googlegroups.com
References: <43638c155545c57a4b332c64771a1e9b0238148c.1521812678.git.pabeni@redhat.com>
From: Eric Dumazet
Message-ID: <0c9d0c7e-5cea-5ef4-6cbe-9c87e667123d@gmail.com>
Date: Fri, 23 Mar 2018 07:04:47 -0700
MIME-Version: 1.0
In-Reply-To: <43638c155545c57a4b332c64771a1e9b0238148c.1521812678.git.pabeni@redhat.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
List-ID:

On 03/23/2018 06:47 AM, Paolo Abeni wrote:
> While building ipv6 datagram we currently allow arbitrary large
> extheaders, even beyond pmtu size. The syzbot has found a way
> to exploit the above to trigger the following splat:
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: syzbot+91e6f9932ff122fa4410@syzkaller.appspotmail.com
> Signed-off-by: Paolo Abeni
> Reviewed-by: Eric Dumazet

Thanks Paolo !