linux/net/sctp
Xin Long a659254755 sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
After commit b6c5734db0 ("sctp: fix the handling of ICMP Frag Needed
for too small MTUs"), sctp_transport_update_pmtu would refetch pathmtu
from the dst and set it to transport's pathmtu without any check.

The new pathmtu may be lower than MINSEGMENT if the dst is obsolete and
updated by .get_dst() in sctp_transport_update_pmtu. In this case, it
could have a smaller MTU as well, and thus we should validate it
against MINSEGMENT instead.

Syzbot reported a warning in sctp_mtu_payload caused by this.

This patch refetches the pathmtu by calling sctp_dst_mtu where it does
the check against MINSEGMENT.

v1->v2:
  - refetch the pathmtu by calling sctp_dst_mtu instead as Marcelo's
    suggestion.

Fixes: b6c5734db0 ("sctp: fix the handling of ICMP Frag Needed for too small MTUs")
Reported-by: syzbot+f0d9d7cba052f9344b03@syzkaller.appspotmail.com
Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-07-04 21:36:34 +09:00
..
associola.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-11 20:53:22 -04:00
auth.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
bind_addr.c sctp: remove the typedef sctp_scope_t 2017-08-06 21:33:41 -07:00
chunk.c sctp: fix erroneous inc of snmp SctpFragUsrMsgs 2018-06-21 12:49:33 +09:00
debug.c sctp: add SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN conversion in sctp_cname 2018-02-12 11:40:01 -05:00
diag.c sctp: add file comments in diag.c 2018-02-13 13:56:31 -05:00
endpointola.c treewide: Use struct_size() for kmalloc()-family 2018-06-06 11:15:43 -07:00
input.c sctp: remove unnecessary asoc in sctp_has_association 2018-03-27 10:22:11 -04:00
inqueue.c sctp: fix the issue that the cookie-ack with auth can't get processed 2018-05-02 11:15:33 -04:00
ipv6.c Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
Kconfig net: sctp: Remove debug SCTP probe module 2018-01-02 14:27:29 -05:00
Makefile sctp: rename sctp_diag.c as diag.c 2018-02-13 13:56:31 -05:00
objcnt.c proc: introduce proc_create_seq{,_data} 2018-05-16 07:23:35 +02:00
offload.c net: use skb_is_gso_sctp() instead of open-coding 2018-03-09 11:41:47 -05:00
output.c sctp: define sctp_packet_gso_append to build GSO frames 2018-06-14 10:25:53 -07:00
outqueue.c sctp: checkpatch fixups 2018-05-14 23:15:27 -04:00
primitive.c sctp: remove the typedef sctp_subtype_t 2017-08-06 21:33:42 -07:00
proc.c proc: introduce proc_create_net_single 2018-05-16 07:24:30 +02:00
protocol.c Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
sm_make_chunk.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-11 20:53:22 -04:00
sm_sideeffect.c sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT 2018-03-14 13:48:27 -04:00
sm_statefuns.c sctp: delay the authentication for the duplicated cookie-echo chunk 2018-05-07 23:39:10 -04:00
sm_statetable.c sctp: implement validate_ftsn for sctp_stream_interleave 2017-12-15 13:52:22 -05:00
socket.c Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL 2018-06-28 10:40:47 -07:00
stream_interleave.c sctp: remove the left unnecessary check for chunk in sctp_renege_events 2018-02-16 16:32:37 -05:00
stream_sched_prio.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream_sched_rr.c sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
stream_sched.c sctp: add stream interleave support in stream scheduler 2017-12-15 13:52:22 -05:00
stream.c sctp: clear the new asoc's stream outcnt in sctp_stream_update 2018-04-27 13:34:34 -04:00
sysctl.c sctp: support sysctl to allow users to use stream interleave 2017-12-15 13:52:22 -05:00
transport.c sctp: fix the issue that pathmtu may be set lower than MINSEGMENT 2018-07-04 21:36:34 +09:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg 2018-05-10 17:48:36 -04:00
ulpqueue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-22 11:16:31 -05:00