Commit f7b52afe authored May 22, 2026 by Zhengchuan Liang Committed by Jakub Kicinski May 25, 2026

ipv6: exthdrs: refresh nh after handling HAO option



ip6_parse_tlv() caches skb_network_header(skb) in nh while walking
IPv6 TLVs.

ipv6_dest_hao() may call pskb_expand_head() for a cloned skb, which can
move the skb head and invalidate the cached network header pointer.
Refresh nh after ipv6_dest_hao() returns so any trailing padding or TLVs
are parsed from the current skb head.

This matches the existing pattern used in ip6_parse_tlv() after helpers
that can modify skb header storage.

Fixes: a831f5bb ("[IPV6] MIP6: Add inbound interface of home address option.")
Cc: stable@kernel.org
Reported-by: Yuan Tan <yuantan098@gmail.com>
Reported-by: Xin Liu <bird@lzu.edu.cn>
Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
Signed-off-by: Zhengchuan Liang <zcliangcn@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Reviewed-by: Justin Iurman <justin.iurman@gmail.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/7aba1debc2196189172499e5769802b026f8caf8.1779247873.git.zcliangcn@gmail.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent f6f1bfc1

net/ipv6/exthdrs.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -201,6 +201,8 @@ static bool ip6_parse_tlv(bool hopbyhop,
		case IPV6_TLV_HAO:
		if (!ipv6_dest_hao(skb, off))
		return false;

		nh = skb_network_header(skb);
		break;
		#endif
		default: