From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1424007AbcFMOCF (ORCPT ); Mon, 13 Jun 2016 10:02:05 -0400 Received: from us-smtp-delivery-181.mimecast.com ([63.128.21.181]:39203 "EHLO us-smtp-delivery-181.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1423941AbcFMOCB (ORCPT ); Mon, 13 Jun 2016 10:02:01 -0400 From: Steven Caron To: Hannes Frederic Sowa , Cong Wang CC: "linux-kernel@vger.kernel.org" , "Linux Kernel Network Developers" Subject: [PATCH v1 1/1] ipv4: Prevent malformed UFO fragments in ip_append_page Thread-Topic: [PATCH v1 1/1] ipv4: Prevent malformed UFO fragments in ip_append_page Thread-Index: AdHFeyEJRcyHZdcqTE6xa719Q8Xhaw== Date: Mon, 13 Jun 2016 14:01:19 +0000 Message-ID: <6A051441C8B95A448E49718A747690B901CA76C84F@gbplmail03.genband.com> Accept-Language: en-CA, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.16.21.173] MIME-Version: 1.0 X-MC-Unique: gcCWsLxEREKKUBvP60st8Q-10 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by mail.home.local id u5DE2BEm008200 As the ip fragment offset field counts 8-byte chunks, non-final ip fragments must be multiples of 8 bytes of payload. Depending on the mtu and ip option sizes, ip_append_page wasn't respecting this, notably when running NFS under UDP. Signed-off-by: Steven Caron --- diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 124bf0a..21ec54e 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -1239,7 +1239,7 @@ ssize_t ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page, if (skb->ip_summed != CHECKSUM_PARTIAL) return -EOPNOTSUPP; - skb_shinfo(skb)->gso_size = mtu - fragheaderlen; + skb_shinfo(skb)->gso_size = maxfraglen - fragheaderlen; skb_shinfo(skb)->gso_type = SKB_GSO_UDP; } cork->length += size;