Please consider to prepare a ReadyKernel patch for it.
https://readykernel.com/ -- Best regards, Konstantin Khorenko, Virtuozzo Linux Kernel Team On 07/17/2017 05:56 PM, Konstantin Khorenko wrote:
The commit is pushed to "branch-rh7-3.10.0-514.26.1.vz7.33.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git after rh7-3.10.0-514.26.1.vz7.33.8 ------> commit fdcf72515c5b548142d8913b3003447a4cbbefe2 Author: Vasily Averin <[email protected]> Date: Mon Jul 17 18:56:14 2017 +0400 ms/ipv4: ip_do_fragment: fix headroom tests Some time ago David Woodhouse reported skb_under_panic when we try to push ethernet header to fragmented ipv6 skbs. It was fixed for ipv6 by Florian Westphal in commit 1d325d217c7f ("ipv6: ip6_fragment: fix headroom tests and skb leak") However similar problem still exist in ipv4. It does not trigger skb_under_panic due paranoid check in ip_finish_output2, however according to Alexey Kuznetsov current state is abnormal and ip_fragment should be fixed too. https://jira.sw.ru/browse/PSBM-68362 Applied to netdev@ repo: https://patchwork.ozlabs.org/patch/788222/ Signed-off-by: Vasily Averin <[email protected]> --- net/ipv4/ip_output.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 85274fa..84cbbe7 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -560,6 +560,7 @@ int ip_do_fragment(struct sock *sk, struct sk_buff *skb, hlen = iph->ihl * 4; mtu = mtu - hlen; /* Size of data space */ IPCB(skb)->flags |= IPSKB_FRAG_COMPLETE; + ll_rs = LL_RESERVED_SPACE(rt->dst.dev); /* When frag_list is given, use it. First, check its validity: * some transformers could create wrong frag_list or break existing @@ -575,14 +576,15 @@ int ip_do_fragment(struct sock *sk, struct sk_buff *skb, if (first_len - hlen > mtu || ((first_len - hlen) & 7) || ip_is_fragment(iph) || - skb_cloned(skb)) + skb_cloned(skb) || + skb_headroom(skb) < ll_rs) goto slow_path; skb_walk_frags(skb, frag) { /* Correct geometry. */ if (frag->len > mtu || ((frag->len & 7) && frag->next) || - skb_headroom(frag) < hlen) + skb_headroom(frag) < hlen + ll_rs) goto slow_path_clean; /* Partially cloned skb? */ @@ -672,8 +674,6 @@ int ip_do_fragment(struct sock *sk, struct sk_buff *skb, left = skb->len - hlen; /* Space per frame */ ptr = hlen; /* Where to start from */ - ll_rs = LL_RESERVED_SPACE(rt->dst.dev); - /* * Fragment the datagram. */ .
_______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
