Re: [PATCH net] ip: frags: fix crash in ip_do_fragment()

2018-09-06 Thread Taehee Yoo
2018-09-07 3:23 GMT+09:00 Eric Dumazet : > On Thu, Sep 6, 2018 at 11:06 AM Eric Dumazet wrote: >> >> On Thu, Sep 6, 2018 at 10:51 AM Taehee Yoo wrote: >> > >> > A kernel crash occurs when defragmented packet is fragmented >> > in ip_do_fragment(). >> > In defragment routine, skb_orphan() is call

Re: [PATCH net] ip: frags: fix crash in ip_do_fragment()

2018-09-06 Thread Eric Dumazet
On Thu, Sep 6, 2018 at 11:06 AM Eric Dumazet wrote: > > On Thu, Sep 6, 2018 at 10:51 AM Taehee Yoo wrote: > > > > A kernel crash occurs when defragmented packet is fragmented > > in ip_do_fragment(). > > In defragment routine, skb_orphan() is called and > > skb->ip_defrag_offset is set. but skb-

Re: [PATCH net] ip: frags: fix crash in ip_do_fragment()

2018-09-06 Thread Eric Dumazet
On Thu, Sep 6, 2018 at 10:51 AM Taehee Yoo wrote: > > A kernel crash occurs when defragmented packet is fragmented > in ip_do_fragment(). > In defragment routine, skb_orphan() is called and > skb->ip_defrag_offset is set. but skb->sk and > skb->ip_defrag_offset are same union member. so that > fr

[PATCH net] ip: frags: fix crash in ip_do_fragment()

2018-09-06 Thread Taehee Yoo
A kernel crash occurs when defragmented packet is fragmented in ip_do_fragment(). In defragment routine, skb_orphan() is called and skb->ip_defrag_offset is set. but skb->sk and skb->ip_defrag_offset are same union member. so that frag->sk is not NULL. Hence crash occurs in skb->sk check routine