| From 9f79e021de58e4682c44cef09f22ab02d4bef741 Mon Sep 17 00:00:00 2001 |
| From: Steffen Klassert <steffen.klassert@secunet.com> |
| Date: Tue, 2 Apr 2019 08:16:03 +0200 |
| Subject: net-gro: Fix GRO flush when receiving a GSO packet. |
| |
| [ Upstream commit 0ab03f353d3613ea49d1f924faf98559003670a8 ] |
| |
| Currently we may merge incorrectly a received GSO packet |
| or a packet with frag_list into a packet sitting in the |
| gro_hash list. skb_segment() may crash case because |
| the assumptions on the skb layout are not met. |
| The correct behaviour would be to flush the packet in the |
| gro_hash list and send the received GSO packet directly |
| afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders") |
| sets NAPI_GRO_CB(skb)->flush in this case, but this is not |
| checked before merging. This patch makes sure to check this |
| flag and to not merge in that case. |
| |
| Fixes: d61d072e87c8e ("net-gro: avoid reorders") |
| Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/core/skbuff.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
| index 2415d9cb9b89..ef2cd5712098 100644 |
| --- a/net/core/skbuff.c |
| +++ b/net/core/skbuff.c |
| @@ -3801,7 +3801,7 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb) |
| unsigned int delta_truesize; |
| struct sk_buff *lp; |
| |
| - if (unlikely(p->len + len >= 65536)) |
| + if (unlikely(p->len + len >= 65536 || NAPI_GRO_CB(skb)->flush)) |
| return -E2BIG; |
| |
| lp = NAPI_GRO_CB(p)->last; |
| -- |
| 2.19.1 |
| |
