From: Xin Long <lucien....@gmail.com>
Date: Tue, 3 Jul 2018 16:30:47 +0800

> After commit b6c5734db070 ("sctp: fix the handling of ICMP Frag Needed
> for too small MTUs"), sctp_transport_update_pmtu would refetch pathmtu
> from the dst and set it to transport's pathmtu without any check.
>
> The new pathmtu may be lower than MINSEGMENT if the dst is obsolete and
> updated by .get_dst() in sctp_transport_update_pmtu. In this case, it
> could have a smaller MTU as well, and thus we should validate it
> against MINSEGMENT instead.
>
> Syzbot reported a warning in sctp_mtu_payload caused by this.
>
> This patch refetches the pathmtu by calling sctp_dst_mtu where it does
> the check against MINSEGMENT.
>
> v1->v2:
>   - refetch the pathmtu by calling sctp_dst_mtu instead as Marcelo's
>     suggestion.
>
> Fixes: b6c5734db070 ("sctp: fix the handling of ICMP Frag Needed for too
> small MTUs")
> Reported-by: syzbot+f0d9d7cba052f9344...@syzkaller.appspotmail.com
> Suggested-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com>
> Signed-off-by: Xin Long <lucien....@gmail.com>

Applied and queued up for -stable.