Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp469214pxv; Fri, 9 Jul 2021 02:05:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyiMz/5qwv/yJI8lqRHyf+xLYo66QW2/edbBGjiAeVGhfJxRJnScUtd473k4cO5zVIi6GXT X-Received: by 2002:a05:6e02:f93:: with SMTP id v19mr7569010ilo.170.1625821551023; Fri, 09 Jul 2021 02:05:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625821551; cv=none; d=google.com; s=arc-20160816; b=qvtevSsx+SP57EEUYL5I+5MuZWZ63czpC9ztQDLHXS86HPJAh+7m4i29TAF50QIrra nFPro1rw4RorjqfPD6WYOxZHTMN5iGuaqstG/seLQXUjiVTwAdqNy6hK7a5N9olAmsRT eaUm35TLe1M52KhZ5JHn+w8s3pUyfJKhqR5VDMe8Fy1U1pjTV+DKehXYPiwFVND1a+Zr 7LOA0US6XUfFX2igDT0TZKZAhXbbvj9hjE09AwPbK57rSvadXRl3jqBxv5RHYBW0ILzR O2HUXi3nHRMPsiCCaLb980BW8J0RZ7ufstH0a/xWTJMTweAF+CQ+rCDnCvPAPlgq6e0R /0IQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:subject:from:dkim-signature; bh=zFVuTQnyDA8cEkikltXIqvJF76UzOBgsQPGOznrl6Vk=; b=qmmWWNN2tOtytiQ7jWqhOxBFWKqkCyW3SSjiKUaea3CkNLVlm9kVWOtW7VIh2TMHrc VACazSMMxd9hjcd2xI/M9nCo9vcIN+NKJjjnhSAOdobkB9ZCZ88fpn88OFxrDF9X1KuS Xx/VjgKUbCCNKbUhJuT1mjCFFE8adeaHnU7EAwTYfw6InpVq0n6XTJN3+xE8QY/fGnem 0WbYC7vqwM7wDzCKDnjOJMs0gy07f2MxJLu4eLZ9y+zaRuClR9tVVOn+oEE46edl9+OD JwUFLgYNEtCyFEWNyAfKjqdZs1yvMagGRftu2hmZhCUKeTPV82cxNueOJbxrpcw6jwFB KAIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=LurVBLVo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h9si5805803jaj.40.2021.07.09.02.05.38; Fri, 09 Jul 2021 02:05:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=LurVBLVo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231725AbhGIJHT (ORCPT + 99 others); Fri, 9 Jul 2021 05:07:19 -0400 Received: from relay.sw.ru ([185.231.240.75]:59358 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229563AbhGIJHT (ORCPT ); Fri, 9 Jul 2021 05:07:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=zFVuTQnyDA8cEkikltXIqvJF76UzOBgsQPGOznrl6Vk=; b=LurVBLVosc1opccJ312 Vcm11i6gYFWEZmwLmEu/cja+xeO7VLjW0yJuAp60Dvv/5pzkDHR3w3AnMM3SjhcPr8bd0ZHdTk4cI vy+9ejMYprW2v7c2E/ZdA2175ktIHeWklAI+0qjnMv0ANvImx9HBNF1QZ1gFyILNzXD5gh6ttzY=; Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1m1mQx-003PkY-Rg; Fri, 09 Jul 2021 12:04:31 +0300 From: Vasily Averin Subject: [PATCH IPV6 v2 0/4] ipv6: allocate enough headroom in ip6_finish_output2() To: "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Eric Dumazet Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <1cbf3c7b-455e-f3a5-cc2c-c18ce8be4ce1@gmail.com> Message-ID: <74e90fba-df9f-5078-13de-41df54d2b257@virtuozzo.com> Date: Fri, 9 Jul 2021 12:04:31 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <1cbf3c7b-455e-f3a5-cc2c-c18ce8be4ce1@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Recently Syzkaller found one more issue on RHEL7-based OpenVz kernels. During its investigation I've found that upstream is affected too. TEE target send sbk with small headroom into another interface which requires an increased headroom. ipv4 handles this problem in ip_finish_output2() and creates new skb with enough headroom, though ip6_finish_output2() lacks this logic. Suzkaller created C reproducer, it can be found in v1 cover-letter. v2 changes: new helper was created and used in ip6_finish_output2 and in ip6_xmit() small refactoring in changed functions: commonly used dereferences was replaced by variables ToDo: clarify proper name for helper, move it into proper place, use it in other similar places: pptp_xmit vrf_finish_output ax25_transmit_buffer ax25_rt_build_path bpf_out_neigh_v6 bpf_out_neigh_v4 ip_finish_output2 ip6_tnl_xmit ipip6_tunnel_xmit ip_vs_prepare_tunneled_skb Vasily Averin (4): ipv6: allocate enough headroom in ip6_finish_output2() ipv6: use new helper skb_expand_head() in ip6_xmit() ipv6: ip6_finish_output2 refactoring ipv6: ip6_xmit refactoring net/ipv6/ip6_output.c | 89 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 59 insertions(+), 30 deletions(-) -- 1.8.3.1