Re: [PATCH v2 net] ipv6: Fix dangling pointer when ipv6 fragment

From: Martin Lau
Date: Mon Apr 01 2019 - 12:35:32 EST

Next message: James Morse: "Re: [PATCH 1/2] edac: sifive: Add DT documentation for SiFive L2 cache Controller"
Previous message: Alexandre Belloni: "[PATCH v2 02/12] rtc: pcf85063: convert to SPDX identifier"
Next in thread: David Miller: "Re: [PATCH v2 net] ipv6: Fix dangling pointer when ipv6 fragment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Mar 31, 2019 at 05:04:29PM +0800, hujunwei wrote:
> From: Junwei Hu <hujunwei4@xxxxxxxxxx>
>
> At the beginning of ip6_fragment func, the prevhdr pointer is
> obtained in the ip6_find_1stfragopt func.
> However, all the pointers pointing into skb header may change
> when calling skb_checksum_help func with
> skb->ip_summed = CHECKSUM_PARTIAL condition.
> The prevhdr pointe will be dangling if it is not reloaded after
> calling __skb_linearize func in skb_checksum_help func.
>
> Here, I add a variable, nexthdr_offset, to evaluate the offset,
> which does not changes even after calling __skb_linearize func.
Acked-by: Martin KaFai Lau <kafai@xxxxxx>

Next message: James Morse: "Re: [PATCH 1/2] edac: sifive: Add DT documentation for SiFive L2 cache Controller"
Previous message: Alexandre Belloni: "[PATCH v2 02/12] rtc: pcf85063: convert to SPDX identifier"
Next in thread: David Miller: "Re: [PATCH v2 net] ipv6: Fix dangling pointer when ipv6 fragment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]