From owner-svn-src-head@freebsd.org Mon Sep 30 14:22:06 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5A6B6129350; Mon, 30 Sep 2019 14:22:06 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46hl313Zpmz40c2; Mon, 30 Sep 2019 14:22:05 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1iEwYl-000PHD-B7; Mon, 30 Sep 2019 17:21:55 +0300 Date: Mon, 30 Sep 2019 17:21:55 +0300 From: Slawa Olhovchenkov To: Michael Tuexen Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r352868 - in head/sys/netinet: . tcp_stacks Message-ID: <20190930142155.GC38096@zxy.spb.ru> References: <201909291045.x8TAjD6J066797@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201909291045.x8TAjD6J066797@repo.freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 46hl313Zpmz40c2 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of slw@zxy.spb.ru has no SPF policy when checking 195.70.199.98) smtp.mailfrom=slw@zxy.spb.ru X-Spamd-Result: default: False [-0.38 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.64)[-0.637,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.65)[-0.645,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zxy.spb.ru]; TO_DN_SOME(0.00)[]; AUTH_NA(1.00)[]; IP_SCORE(0.00)[country: RU(0.01)]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5495, ipnet:195.70.192.0/19, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Sep 2019 14:22:06 -0000 On Sun, Sep 29, 2019 at 10:45:13AM +0000, Michael Tuexen wrote: > Author: tuexen > Date: Sun Sep 29 10:45:13 2019 > New Revision: 352868 > URL: https://svnweb.freebsd.org/changeset/base/352868 > > Log: > RFC 7112 requires a host to put the complete IP header chain > including the TCP header in the first IP packet. > Enforce this in tcp_output(). In addition make sure that at least > one byte payload fits in the TCP segement to allow making progress. > Without this check, a kernel with INVARIANTS will panic. > This issue was found by running an instance of syzkaller. How to posible this? Host required to handle packets up to 576 bytes, how to IP and TCP options can exhaust this size?