]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blobdiff - src/patches/suse-2.6.27.31/patches.xen/gso-size-check.patch
projects / people / pmueller / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Revert "Move xen patchset to new version's subdir."
[people/pmueller/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.xen / gso-size-check.patch
diff --git a/src/patches/suse-2.6.27.31/patches.xen/gso-size-check.patch b/src/patches/suse-2.6.27.31/patches.xen/gso-size-check.patch
deleted file mode 100644 (file)
index 9fe2bce..0000000
--- a/src/patches/suse-2.6.27.31/patches.xen/gso-size-check.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From: http://patchwork.ozlabs.org/patch/18346/
-Subject: gso: Ensure that the packet is long enough
-See also http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/d490aa798cc4
-
-When we get a GSO packet from an untrusted source, we need to
-ensure that it is sufficiently long so that we don't end up
-crashing.
-
-Based on discovery and patch by Ian Campbell.
-
-Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-Tested-by: Ian Campbell <ian.campbell@citrix.com>
-Acked-by: jbeulich@novell.com
-
----
- net/ipv4/tcp.c |   13 +++++++------
- 1 file changed, 7 insertions(+), 6 deletions(-)
-
---- a/net/ipv4/tcp.c
-+++ b/net/ipv4/tcp.c
-@@ -2390,7 +2390,7 @@ struct sk_buff *tcp_tso_segment(struct s
-       unsigned int seq;
-       __be32 delta;
-       unsigned int oldlen;
--      unsigned int len;
-+      unsigned int mss;
-       if (!pskb_may_pull(skb, sizeof(*th)))
-               goto out;
-@@ -2406,10 +2406,13 @@ struct sk_buff *tcp_tso_segment(struct s
-       oldlen = (u16)~skb->len;
-       __skb_pull(skb, thlen);
-+      mss = skb_shinfo(skb)->gso_size;
-+      if (unlikely(skb->len <= mss))
-+              goto out;
-+
-       if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
-               /* Packet is from an untrusted source, reset gso_segs. */
-               int type = skb_shinfo(skb)->gso_type;
--              int mss;
-               if (unlikely(type &
-                            ~(SKB_GSO_TCPV4 |
-@@ -2420,7 +2423,6 @@ struct sk_buff *tcp_tso_segment(struct s
-                            !(type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6))))
-                       goto out;
--              mss = skb_shinfo(skb)->gso_size;
-               skb_shinfo(skb)->gso_segs = DIV_ROUND_UP(skb->len, mss);
-               segs = NULL;
-@@ -2431,8 +2433,7 @@ struct sk_buff *tcp_tso_segment(struct s
-       if (IS_ERR(segs))
-               goto out;
--      len = skb_shinfo(skb)->gso_size;
--      delta = htonl(oldlen + (thlen + len));
-+      delta = htonl(oldlen + (thlen + mss));
-       skb = segs;
-       th = tcp_hdr(skb);
-@@ -2448,7 +2449,7 @@ struct sk_buff *tcp_tso_segment(struct s
-                            csum_fold(csum_partial(skb_transport_header(skb),
-                                                   thlen, skb->csum));
--              seq += len;
-+              seq += mss;
-               skb = skb->next;
-               th = tcp_hdr(skb);
Peter's tree of IPFire 2.x