From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Felix Fietkau <nbd@nbd.name>,
Willem de Bruijn <willemb@google.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 57/97] net: ipv6: fix UDPv6 GSO segmentation with NAT
Date: Wed, 7 May 2025 20:39:32 +0200 [thread overview]
Message-ID: <20250507183809.290394861@linuxfoundation.org> (raw)
In-Reply-To: <20250507183806.987408728@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
[ Upstream commit b936a9b8d4a585ccb6d454921c36286bfe63e01d ]
If any address or port is changed, update it in all packets and recalculate
checksum.
Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://patch.msgid.link/20250426153210.14044-1-nbd@nbd.name
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/udp_offload.c | 61 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 60 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c
index 2f1f038b0dc1b..d415b4fb2f1f4 100644
--- a/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -246,6 +246,62 @@ static struct sk_buff *__udpv4_gso_segment_list_csum(struct sk_buff *segs)
return segs;
}
+static void __udpv6_gso_segment_csum(struct sk_buff *seg,
+ struct in6_addr *oldip,
+ const struct in6_addr *newip,
+ __be16 *oldport, __be16 newport)
+{
+ struct udphdr *uh = udp_hdr(seg);
+
+ if (ipv6_addr_equal(oldip, newip) && *oldport == newport)
+ return;
+
+ if (uh->check) {
+ inet_proto_csum_replace16(&uh->check, seg, oldip->s6_addr32,
+ newip->s6_addr32, true);
+
+ inet_proto_csum_replace2(&uh->check, seg, *oldport, newport,
+ false);
+ if (!uh->check)
+ uh->check = CSUM_MANGLED_0;
+ }
+
+ *oldip = *newip;
+ *oldport = newport;
+}
+
+static struct sk_buff *__udpv6_gso_segment_list_csum(struct sk_buff *segs)
+{
+ const struct ipv6hdr *iph;
+ const struct udphdr *uh;
+ struct ipv6hdr *iph2;
+ struct sk_buff *seg;
+ struct udphdr *uh2;
+
+ seg = segs;
+ uh = udp_hdr(seg);
+ iph = ipv6_hdr(seg);
+ uh2 = udp_hdr(seg->next);
+ iph2 = ipv6_hdr(seg->next);
+
+ if (!(*(const u32 *)&uh->source ^ *(const u32 *)&uh2->source) &&
+ ipv6_addr_equal(&iph->saddr, &iph2->saddr) &&
+ ipv6_addr_equal(&iph->daddr, &iph2->daddr))
+ return segs;
+
+ while ((seg = seg->next)) {
+ uh2 = udp_hdr(seg);
+ iph2 = ipv6_hdr(seg);
+
+ __udpv6_gso_segment_csum(seg, &iph2->saddr, &iph->saddr,
+ &uh2->source, uh->source);
+ __udpv6_gso_segment_csum(seg, &iph2->daddr, &iph->daddr,
+ &uh2->dest, uh->dest);
+ }
+
+ return segs;
+}
+
static struct sk_buff *__udp_gso_segment_list(struct sk_buff *skb,
netdev_features_t features,
bool is_ipv6)
@@ -258,7 +314,10 @@ static struct sk_buff *__udp_gso_segment_list(struct sk_buff *skb,
udp_hdr(skb)->len = htons(sizeof(struct udphdr) + mss);
- return is_ipv6 ? skb : __udpv4_gso_segment_list_csum(skb);
+ if (is_ipv6)
+ return __udpv6_gso_segment_list_csum(skb);
+ else
+ return __udpv4_gso_segment_list_csum(skb);
}
struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb,
--
2.39.5
next prev parent reply other threads:[~2025-05-07 18:48 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-07 18:38 [PATCH 6.1 00/97] 6.1.138-rc1 review Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 01/97] Revert "rndis_host: Flag RNDIS modems as WWAN devices" Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 02/97] ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 03/97] drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 04/97] EDAC/altera: Test the correct error reg offset Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 05/97] EDAC/altera: Set DDR and SDMMC interrupt mask before registration Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 06/97] i2c: imx-lpi2c: Fix clock count when probe defers Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 07/97] arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 08/97] parisc: Fix double SIGFPE crash Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 09/97] perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPUs value Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 10/97] amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 11/97] irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 12/97] mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 13/97] wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 14/97] dm-integrity: fix a warning on invalid table line Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 15/97] dm: always update the array size in realloc_argv on success Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 16/97] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 17/97] iommu/vt-d: Apply quirk_iommu_igfx for 8086:0044 (QM57/QS57) Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 18/97] platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 19/97] ksmbd: fix use-after-free in kerberos authentication Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 20/97] cpufreq: Avoid using inconsistent policy->min and policy->max Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 21/97] cpufreq: Fix setting policy limits when frequency tables are used Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 22/97] tracing: Fix oob write in trace_seq_to_buffer() Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 23/97] xfs: fix error returns from xfs_bmapi_write Greg Kroah-Hartman
2025-05-07 18:38 ` [PATCH 6.1 24/97] xfs: fix xfs_bmap_add_extent_delay_real for partial conversions Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 25/97] xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 26/97] xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 27/97] xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 28/97] xfs: validate recovered name buffers when recovering xattr items Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 29/97] xfs: revert commit 44af6c7e59b12 Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 30/97] xfs: match lock mode in xfs_buffered_write_iomap_begin() Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 31/97] xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 32/97] xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 33/97] xfs: convert delayed extents to unwritten when zeroing post eof blocks Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 34/97] xfs: allow symlinks with short remote targets Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 35/97] xfs: make sure sb_fdblocks is non-negative Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 36/97] xfs: fix freeing speculative preallocations for preallocated files Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 37/97] xfs: allow unlinked symlinks and dirs with zero size Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 38/97] xfs: restrict when we try to align cow fork delalloc to cowextsz hints Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 39/97] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 40/97] dm-bufio: dont schedule in atomic context Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 41/97] ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 42/97] wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 43/97] vxlan: vnifilter: Fix unlocked deletion of default FDB entry Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 44/97] net/mlx5: E-Switch, Initialize MAC Address for Default GID Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 45/97] net/mlx5: E-switch, Fix error handling for enabling roce Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 46/97] net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 47/97] net: mscc: ocelot: delete PVID VLAN when readding it as non-PVID Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 48/97] net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 49/97] net: ethernet: mtk-star-emac: rearm interrupts in rx_poll only when advised Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 50/97] net_sched: drr: Fix double list add in class with netem as child qdisc Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 51/97] net_sched: hfsc: Fix a UAF vulnerability " Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 52/97] net_sched: ets: Fix double list add " Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 53/97] net_sched: qfq: " Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 54/97] ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 55/97] net: dlink: Correct endianness handling of led_mode Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 56/97] net: dsa: felix: fix broken taprio gate states after clock jump Greg Kroah-Hartman
2025-05-07 18:39 ` Greg Kroah-Hartman [this message]
2025-05-07 18:39 ` [PATCH 6.1 58/97] bnxt_en: Fix coredump logic to free allocated buffer Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 59/97] bnxt_en: Fix out-of-bound memcpy() during ethtool -w Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 60/97] bnxt_en: Fix ethtool -d byte order for 32-bit values Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 61/97] nvme-tcp: fix premature queue removal and I/O failover Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 62/97] net: lan743x: Fix memleak issue when GSO enabled Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 63/97] net: fec: ERR007885 Workaround for conventional TX Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 64/97] net: hns3: store rx VLAN tag offload state for VF Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 65/97] net: hns3: fix an interrupt residual problem Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 66/97] net: hns3: fixed debugfs tm_qset size Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 67/97] net: hns3: defer calling ptp_clock_register() Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 68/97] net: vertexcom: mse102x: Fix possible stuck of SPI interrupt Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 69/97] net: vertexcom: mse102x: Fix LEN_MASK Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 70/97] net: vertexcom: mse102x: Add range check for CMD_RTS Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 71/97] net: vertexcom: mse102x: Fix RX error handling Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 72/97] md: move initialization and destruction of io_acct_set to md.c Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 73/97] PCI: imx6: Skip controller_id generation logic for i.MX7D Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 74/97] sch_htb: make htb_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 75/97] sch_drr: make drr_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 76/97] sch_hfsc: make hfsc_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 77/97] sch_qfq: make qfq_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 78/97] sch_ets: make est_qlen_notify() idempotent Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 79/97] Revert "x86/kexec: Allocate PGD for x86_64 transition page tables separately" Greg Kroah-Hartman
2025-05-07 18:49 ` David Woodhouse
2025-05-07 18:39 ` [PATCH 6.1 80/97] firmware: arm_scmi: Balance device refcount when destroying devices Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 81/97] firmware: arm_ffa: Skip Rx buffer ownership release if not acquired Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 82/97] ARM: dts: opos6ul: add ksz8081 phy properties Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 83/97] net: phy: microchip: force IRQ polling mode for lan88xx Greg Kroah-Hartman
2025-05-07 18:39 ` [PATCH 6.1 84/97] Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 85/97] irqchip/gic-v2m: Mark a few functions __init Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 86/97] irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 87/97] memcg: drain obj stock on cpu hotplug teardown Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 88/97] riscv: uprobes: Add missing fence.i after building the XOL buffer Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 89/97] iommu/arm-smmu-v3: Use the new rb tree helpers Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 90/97] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 91/97] drm/amd/display: phase2 enable mst hdcp multiple displays Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 92/97] drm/amd/display: Clean up style problems in amdgpu_dm_hdcp.c Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 93/97] drm/amd/display: Change HDCP update sequence for DM Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 94/97] drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 95/97] drm/amd/display: Fix slab-use-after-free in hdcp Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 96/97] ASoC: Use of_property_read_bool() Greg Kroah-Hartman
2025-05-07 18:40 ` [PATCH 6.1 97/97] ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties Greg Kroah-Hartman
2025-05-08 7:21 ` [PATCH 6.1 00/97] 6.1.138-rc1 review Pavel Machek
2025-05-08 9:45 ` Jon Hunter
2025-05-08 9:48 ` Jon Hunter
2025-05-08 9:52 ` Jon Hunter
2025-05-08 11:24 ` Greg Kroah-Hartman
2025-05-08 12:21 ` Jon Hunter
2025-05-08 11:28 ` Florian Fainelli
2025-05-08 15:00 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250507183809.290394861@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=nbd@nbd.name \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox