From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEC45371895 for ; Tue, 31 Mar 2026 23:17:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774999024; cv=none; b=DvTjPeKTIJxvhRcnDVk7FQfvB8wwAe57DgMSzOBx73Bs1mO/yUsdcQPOXMalXHQWq6vGtBSSF9Z6/pMrOAcSs8o7BNDlMFqGAUU7LQ5NbjxYzRjXQBeVu0qatxgPbzY+fHYxnqnA/ZJT1pY8ZZZIj80mZd1KBXzNREcd0S4Hl4Q= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774999024; c=relaxed/simple; bh=9mNsGrHeaxdh+VbfX69C6wIlKKGGWv10mJX17+Ra6+o=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Gy1VaFZRq/jVjSfudFWPe9A7e0dTbn1GvbVxTo7h9Eqjc6efAzdKUVlSpQ7HaKGjPW8ZwXVB4fNnx6Nw43//kY15zH4VCeL/QhEJwesJ+pWL/nbajD6YKs8DZ+BbBGPgiY+F/eGDnD/OV5V/YbnCrciuhTREQ3CE+2lSMTdlzwY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=JavyXqKq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="JavyXqKq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id E8333C19423; Tue, 31 Mar 2026 23:17:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1774999024; bh=9mNsGrHeaxdh+VbfX69C6wIlKKGGWv10mJX17+Ra6+o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JavyXqKq7uvWpxSiMSiULW4+xHWiaI7pV1yL5KnuspqwIyl60+/a+Q7GBmcwy1R3g ReSlMguimG0e10DBQC/GMYaqeTJb8j6/tc24IVC0jzTj7KmVvOVqYkGuRHgkjCQ11W 2oP8ND2Ah6I+kLY//THz+6+vHoC8VPEKwr9VIYaYiW5sXK8eODsJQetO9boTBaXT4X 77V9CDKCeP7SrHFv5Q4Y8WUh7BJ6Px84e093QAcW/0rUU9boZSreBH6e77z/3jPDRX nCL2BqNjN6APMpkQxnrJqNw7b/jhLMCpPpECSpF+5auI4LBzAlWYABFmLEI5d5BYbn /3jAn3V34CyBA== From: Sasha Levin To: stable@vger.kernel.org Cc: Willem de Bruijn , Tangxin Xie , Paolo Abeni , Sasha Levin Subject: [PATCH 6.1.y] net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback Date: Tue, 31 Mar 2026 19:17:02 -0400 Message-ID: <20260331231702.3419414-1-sashal@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <2026033031-retreat-facility-1b68@gregkh> References: <2026033031-retreat-facility-1b68@gregkh> Precedence: bulk X-Mailing-List: stable@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Willem de Bruijn [ Upstream commit c4336a07eb6b2526dc2b62928b5104b41a7f81f5 ] NETIF_F_IPV6_CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software checksumming. Since TSO depends on checksum offload, those must revert to GSO. The below commit introduces that fallback. It always checks network header length. For tunneled packets, the inner header length must be checked instead. Extend the check accordingly. A special case is tunneled packets without inner IP protocol. Such as RFC 6951 SCTP in UDP. Those are not standard IPv6 followed by transport header either, so also must revert to the software GSO path. Cc: stable@vger.kernel.org Fixes: 864e3396976e ("net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM") Reported-by: Tangxin Xie Closes: https://lore.kernel.org/netdev/0414e7e2-9a1c-4d7c-a99d-b9039cf68f40@yeah.net/ Suggested-by: Paolo Abeni Signed-off-by: Willem de Bruijn Link: https://patch.msgid.link/20260320190148.2409107-1-willemdebruijn.kernel@gmail.com Signed-off-by: Paolo Abeni Signed-off-by: Sasha Levin --- net/core/dev.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index a97239cd1b3a5..3c75feeeb6a71 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3586,6 +3586,22 @@ static netdev_features_t dflt_features_check(struct sk_buff *skb, return vlan_features_check(skb, features); } +static bool skb_gso_has_extension_hdr(const struct sk_buff *skb) +{ + if (!skb->encapsulation) + return ((skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6 || + (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4 && + vlan_get_protocol(skb) == htons(ETH_P_IPV6))) && + skb_transport_header_was_set(skb) && + skb_network_header_len(skb) != sizeof(struct ipv6hdr)); + else + return (!skb_inner_network_header_was_set(skb) || + ((skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6 || + (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4 && + inner_ip_hdr(skb)->version == 6)) && + skb_inner_network_header_len(skb) != sizeof(struct ipv6hdr))); +} + static netdev_features_t gso_features_check(const struct sk_buff *skb, struct net_device *dev, netdev_features_t features) @@ -3627,11 +3643,7 @@ static netdev_features_t gso_features_check(const struct sk_buff *skb, * so neither does TSO that depends on it. */ if (features & NETIF_F_IPV6_CSUM && - (skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6 || - (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4 && - vlan_get_protocol(skb) == htons(ETH_P_IPV6))) && - skb_transport_header_was_set(skb) && - skb_network_header_len(skb) != sizeof(struct ipv6hdr) && + skb_gso_has_extension_hdr(skb) && !ipv6_has_hopopt_jumbo(skb)) features &= ~(NETIF_F_IPV6_CSUM | NETIF_F_TSO6 | NETIF_F_GSO_UDP_L4); -- 2.53.0