diff options
author | Eric Dumazet <edumazet@google.com> | 2017-08-16 11:09:12 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2017-08-16 16:28:47 -0700 |
commit | c780a049f9bf442314335372c9abc4548bfe3e44 (patch) | |
tree | 9bfe8c76f75ea6d1dbc52efa95ff294d80d58c8a /include/net/ip.h | |
parent | 81fbfe8adaf38d4f5a98c19bebfd41c5d6acaee8 (diff) | |
download | op-kernel-dev-c780a049f9bf442314335372c9abc4548bfe3e44.zip op-kernel-dev-c780a049f9bf442314335372c9abc4548bfe3e44.tar.gz |
ipv4: better IP_MAX_MTU enforcement
While working on yet another syzkaller report, I found
that our IP_MAX_MTU enforcements were not properly done.
gcc seems to reload dev->mtu for min(dev->mtu, IP_MAX_MTU), and
final result can be bigger than IP_MAX_MTU :/
This is a problem because device mtu can be changed on other cpus or
threads.
While this patch does not fix the issue I am working on, it is
probably worth addressing it.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/ip.h')
-rw-r--r-- | include/net/ip.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/net/ip.h b/include/net/ip.h index 821cedc..0cf7f5a 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -352,7 +352,7 @@ static inline unsigned int ip_dst_mtu_maybe_forward(const struct dst_entry *dst, !forwarding) return dst_mtu(dst); - return min(dst->dev->mtu, IP_MAX_MTU); + return min(READ_ONCE(dst->dev->mtu), IP_MAX_MTU); } static inline unsigned int ip_skb_dst_mtu(struct sock *sk, @@ -364,7 +364,7 @@ static inline unsigned int ip_skb_dst_mtu(struct sock *sk, return ip_dst_mtu_maybe_forward(skb_dst(skb), forwarding); } - return min(skb_dst(skb)->dev->mtu, IP_MAX_MTU); + return min(READ_ONCE(skb_dst(skb)->dev->mtu), IP_MAX_MTU); } u32 ip_idents_reserve(u32 hash, int segs); |