tcp: len check is unnecessarily devastating, change to WARN_ON
author Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Sat, 2 Apr 2011 04:47:41 +0000 (21:47 -0700)
committer Steve Conklin <sconklin@canonical.com>
Fri, 15 Jul 2011 17:20:57 +0000 (12:20 -0500)
BugLink: http://bugs.launchpad.net/bugs/793702

[ Upstream commit 2fceec13375e5d98ef033c6b0ee03943fc460950 ]

All callers are prepared for alloc failures anyway, so this error
can safely be boomeranged to the callers' domain without super
bad consequences. ...At worst the connection might go into a state
where each RTO tries to (unsuccessfully) re-fragment with such
a mis-sized value and eventually dies.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

net/ipv4/tcp_output.c

index dfa5beb..8b0d016 100644 (file)
@@ -1003,7 +1003,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
        int nlen;
        u8 flags;
 
-       BUG_ON(len > skb->len);
+       if (WARN_ON(len > skb->len))
+               return -EINVAL;
 
        nsize = skb_headlen(skb) - len;
        if (nsize < 0)
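
Review bot: The new WARN_ON(len > skb->len) check at the top of tcp_fragment() prints a full warning with backtrace every time it trips, and the commit message itself expects the worst case to be a connection where each RTO retries the re-fragment with the same mis-sized value, so one bad connection could log repeatedly until it dies. WARN_ON_ONCE would keep the diagnostic without the repeated output. Separately, the commit message argues safety from callers being prepared for alloc failures, but the value returned here is -EINVAL rather than an allocation error, so it is worth confirming that every caller treats any non-zero return from tcp_fragment() the same way. A one-line comment above the check saying why an oversized len is recoverable would also help later readers.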