[PATCH] net-gro: Fix GRO flush when receiving a GSO packet.

[PATCH] net-gro: Fix GRO flush when receiving a GSO packet.

[Steffen Klassert]

Currently we may merge incorrectly a received GSO packet
or a packet with frag_list into a packet sitting in the
gro_hash list. skb_segment() may crash in this case because
the assumptions on the skb layout are not met in this case.
The correct behaviour would be to flush the packet in the
gro_hash list and send the received GSO packet directly
afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
sets NAPI_GRO_CB(skb)->flush in this case, but this is not
checked before merging. This patch makes sure to check this
flag and to not merge in that case.

Fixes: d61d072e87c8e ("net-gro: avoid reorders")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
 net/core/skbuff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 2415d9cb9b89..ef2cd5712098 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3801,7 +3801,7 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb)
 	unsigned int delta_truesize;
 	struct sk_buff *lp;
 
-	if (unlikely(p->len + len >= 65536))
+	if (unlikely(p->len + len >= 65536 || NAPI_GRO_CB(skb)->flush))
 		return -E2BIG;
 
 	lp = NAPI_GRO_CB(p)->last;
-- 
2.17.1

Re: [PATCH] net-gro: Fix GRO flush when receiving a GSO packet.

[Sergei Shtylyov]

Hello!

On 02.04.2019 9:16, Steffen Klassert wrote:

> Currently we may merge incorrectly a received GSO packet
> or a packet with frag_list into a packet sitting in the
> gro_hash list. skb_segment() may crash in this case because
> the assumptions on the skb layout are not met in this case.

    "In this case" repeated twice in the same sentence sounds
somewhat tautological. :-)

> The correct behaviour would be to flush the packet in the
> gro_hash list and send the received GSO packet directly
> afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
> sets NAPI_GRO_CB(skb)->flush in this case, but this is not
> checked before merging. This patch makes sure to check this
> flag and to not merge in that case.
> 
> Fixes: d61d072e87c8e ("net-gro: avoid reorders")
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
[...]

MBR, Sergei

Re: [PATCH] net-gro: Fix GRO flush when receiving a GSO packet.

[David Miller]

From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Tue, 2 Apr 2019 08:16:03 +0200

> Currently we may merge incorrectly a received GSO packet
> or a packet with frag_list into a packet sitting in the
> gro_hash list. skb_segment() may crash in this case because
> the assumptions on the skb layout are not met in this case.
> The correct behaviour would be to flush the packet in the
> gro_hash list and send the received GSO packet directly
> afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
> sets NAPI_GRO_CB(skb)->flush in this case, but this is not
> checked before merging. This patch makes sure to check this
> flag and to not merge in that case.
> 
> Fixes: d61d072e87c8e ("net-gro: avoid reorders")
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

Applied and queued up for -stable, thanks.