[thirdparty/kernel/stable-queue.git] / releases / 5.0.8 / net-gro-fix-gro-flush-when-receiving-a-gso-packet.patch

From 9f79e021de58e4682c44cef09f22ab02d4bef741 Mon Sep 17 00:00:00 2001
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Tue, 2 Apr 2019 08:16:03 +0200
Subject: net-gro: Fix GRO flush when receiving a GSO packet.

[ Upstream commit 0ab03f353d3613ea49d1f924faf98559003670a8 ]

Currently we may merge incorrectly a received GSO packet
or a packet with frag_list into a packet sitting in the
gro_hash list. skb_segment() may crash case because
the assumptions on the skb layout are not met.
The correct behaviour would be to flush the packet in the
gro_hash list and send the received GSO packet directly
afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
sets NAPI_GRO_CB(skb)->flush in this case, but this is not
checked before merging. This patch makes sure to check this
flag and to not merge in that case.

Fixes: d61d072e87c8e ("net-gro: avoid reorders")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/skbuff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 2415d9cb9b89..ef2cd5712098 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3801,7 +3801,7 @@ int skb_gro_receive(struct sk_buff *p, struct sk_buff *skb)
 	unsigned int delta_truesize;
 	struct sk_buff *lp;
 
-	if (unlikely(p->len + len >= 65536))
+	if (unlikely(p->len + len >= 65536 || NAPI_GRO_CB(skb)->flush))
 		return -E2BIG;
 
 	lp = NAPI_GRO_CB(p)->last;
-- 
2.19.1
Commit	Line	Data
6b6035bf SL	1	From 9f79e021de58e4682c44cef09f22ab02d4bef741 Mon Sep 17 00:00:00 2001
	2	From: Steffen Klassert <steffen.klassert@secunet.com>
	3	Date: Tue, 2 Apr 2019 08:16:03 +0200
	4	Subject: net-gro: Fix GRO flush when receiving a GSO packet.
	5
	6	[ Upstream commit 0ab03f353d3613ea49d1f924faf98559003670a8 ]
	7
	8	Currently we may merge incorrectly a received GSO packet
	9	or a packet with frag_list into a packet sitting in the
	10	gro_hash list. skb_segment() may crash case because
	11	the assumptions on the skb layout are not met.
	12	The correct behaviour would be to flush the packet in the
	13	gro_hash list and send the received GSO packet directly
	14	afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
	15	sets NAPI_GRO_CB(skb)->flush in this case, but this is not
	16	checked before merging. This patch makes sure to check this
	17	flag and to not merge in that case.
	18
	19	Fixes: d61d072e87c8e ("net-gro: avoid reorders")
	20	Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
	21	Signed-off-by: David S. Miller <davem@davemloft.net>
	22	Signed-off-by: Sasha Levin <sashal@kernel.org>
	23	---
	24	net/core/skbuff.c \| 2 +-
	25	1 file changed, 1 insertion(+), 1 deletion(-)
	26
	27	diff --git a/net/core/skbuff.c b/net/core/skbuff.c
	28	index 2415d9cb9b89..ef2cd5712098 100644
	29	--- a/net/core/skbuff.c
	30	+++ b/net/core/skbuff.c
	31	@@ -3801,7 +3801,7 @@ int skb_gro_receive(struct sk_buff p, struct sk_buff skb)
	32	unsigned int delta_truesize;
	33	struct sk_buff *lp;
	34
	35	- if (unlikely(p->len + len >= 65536))
	36	+ if (unlikely(p->len + len >= 65536 \|\| NAPI_GRO_CB(skb)->flush))
	37	return -E2BIG;
	38
	39	lp = NAPI_GRO_CB(p)->last;
	40	--
	41	2.19.1
	42