ipv4: ip_do_fragment: fix headroom tests (254d900b) · Commits · e / devices / android_kernel_oneplus_sm7250

net/ipv4/ip_output.c

+4 −4

Original line number	Diff line number	Diff line
		@@ -599,6 +599,7 @@ int ip_do_fragment(struct net net, struct sock sk, struct sk_buff *skb,
		hlen = iph->ihl * 4;
		mtu = mtu - hlen; /* Size of data space */
		IPCB(skb)->flags \|= IPSKB_FRAG_COMPLETE;
		ll_rs = LL_RESERVED_SPACE(rt->dst.dev);

		/* When frag_list is given, use it. First, check its validity:
		* some transformers could create wrong frag_list or break existing
		@@ -614,14 +615,15 @@ int ip_do_fragment(struct net net, struct sock sk, struct sk_buff *skb,
		if (first_len - hlen > mtu \|\|
		((first_len - hlen) & 7) \|\|
		ip_is_fragment(iph) \|\|
		skb_cloned(skb))
		skb_cloned(skb) \|\|
		skb_headroom(skb) < ll_rs)
		goto slow_path;

		skb_walk_frags(skb, frag) {
		/* Correct geometry. */
		if (frag->len > mtu \|\|
		((frag->len & 7) && frag->next) \|\|
		skb_headroom(frag) < hlen)
		skb_headroom(frag) < hlen + ll_rs)
		goto slow_path_clean;

		/* Partially cloned skb? */
		@@ -711,8 +713,6 @@ int ip_do_fragment(struct net net, struct sock sk, struct sk_buff *skb,
		left = skb->len - hlen; /* Space per frame */
		ptr = hlen; /* Where to start from */

		ll_rs = LL_RESERVED_SPACE(rt->dst.dev);

		/*
		* Fragment the datagram.
		*/