Re: [PATCH] xfrm: fix missing headroom check in xfrm_dev_direct_output

Next message: Xuewen Wang: "[PATCH v2 3/3] tools/mm/slabinfo: remove redundant slab-&gt;partial assignment"
Previous message: Xuewen Wang: "[PATCH v2 2/3] tools/mm/slabinfo: remove dead assignment in get_obj_and_str()"
In reply to: G&#xFC;nther Muller: "[PATCH] xfrm: fix missing headroom check in xfrm_dev_direct_output"
Next in thread: G&#xFC;nther Muller: "[PATCH v2] xfrm: fix missing headroom check in xfrm_dev_direct_output"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steffen Klassert

Date: Mon May 18 2026 - 02:34:00 EST

On Sun, May 17, 2026 at 01:19:40PM +0200, Günther Muller wrote:
> Ensure the skb has enough headroom for the hardware offload device's
> hard_header_len. If the headroom is insufficient (e.g., when routing
> through certain virtual or tunnel devices), __skb_push() underflows
> skb->data below skb->head, causing silent memory corruption.
>
> Fix this by using skb_cow_head() to dynamically expand headroom if
> needed, and switch to the checked skb_push() variant.
>
> Signed-off-by: Günther Muller <gunther.muller2008@xxxxxxxxx>

As this is a fix, please add a 'Fixes:' tag to the commit message.

Thanks!