From 01a8ef2f327a6fe5075ee5027c9fa02df42c1c4e Mon Sep 17 00:00:00 2001
From: Willem de Bruijn <willemb@google.com>
Date: Wed, 11 Jul 2018 12:00:45 -0400
Subject: packet: reset network header if packet shorter than ll reserved space

[ Upstream commit 993675a3100b16a4c80dfd70cbcde8ea7127b31d ]

If variable length link layer headers result in a packet shorter
than dev->hard_header_len, reset the network header offset. Else
skb->mac_len may exceed skb->len after skb_mac_reset_len.

packet_sendmsg_spkt already has similar logic.

Fixes: b84bbaf7a6c8 ("packet: in packet_snd start writing at link layer allocation")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/packet/af_packet.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'net/packet')

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 3a63f33698d3..8de4e6620c1c 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2780,6 +2780,8 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len)
 			goto out_free;
 	} else if (reserve) {
 		skb_reserve(skb, -reserve);
+		if (len < reserve)
+			skb_reset_network_header(skb);
 	}
 
 	/* Returns -EFAULT on error */
-- 
cgit v1.2.3