[PATCH 3.11 045/208] gro: Only verify TCP checksums for candidates

From: Luis Henriques
Date: Thu Dec 19 2013 - 08:01:14 EST

Next message: Luis Henriques: "[PATCH 3.11 039/208] net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST"
Previous message: Luis Henriques: "[PATCH 3.11 041/208] inet: fix possible seqlock deadlocks"
In reply to: Luis Henriques: "[PATCH 3.11 041/208] inet: fix possible seqlock deadlocks"
Next in thread: Luis Henriques: "[PATCH 3.11 039/208] net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.11.10.2 -stable review patch. If anyone has any objections, please let me know.

------------------

From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

commit cc5c00bbb44c5d68b883aa5cb9d01514a2525d94 upstream.

In some cases we may receive IP packets that are longer than
their stated lengths. Such packets are never merged in GRO.
However, we may end up computing their checksums incorrectly
and end up allowing packets with a bogus checksum enter our
stack with the checksum status set as verified.

Since such packets are rare and not performance-critical, this
patch simply skips the checksum verification for them.

Reported-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxx>

Thanks,
Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Luis Henriques <luis.henriques@xxxxxxxxxxxxx>
---
net/ipv4/tcp_offload.c | 5 +++++
net/ipv6/tcpv6_offload.c | 5 +++++
2 files changed, 10 insertions(+)

diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c
index 533c58a..44c8678 100644
--- a/net/ipv4/tcp_offload.c
+++ b/net/ipv4/tcp_offload.c
@@ -274,6 +274,10 @@ static struct sk_buff **tcp4_gro_receive(struct sk_buff **head, struct sk_buff *
__wsum wsum;
__sum16 sum;

+ /* Don't bother verifying checksum if we're going to flush anyway. */
+ if (NAPI_GRO_CB(skb)->flush)
+ goto skip_csum;
+
switch (skb->ip_summed) {
case CHECKSUM_COMPLETE:
if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
@@ -299,6 +303,7 @@ flush:
break;
}

+skip_csum:
return tcp_gro_receive(head, skb);
}

diff --git a/net/ipv6/tcpv6_offload.c b/net/ipv6/tcpv6_offload.c
index 2ec6bf6..78081d8 100644
--- a/net/ipv6/tcpv6_offload.c
+++ b/net/ipv6/tcpv6_offload.c
@@ -39,6 +39,10 @@ static struct sk_buff **tcp6_gro_receive(struct sk_buff **head,
__wsum wsum;
__sum16 sum;

+ /* Don't bother verifying checksum if we're going to flush anyway. */
+ if (NAPI_GRO_CB(skb)->flush)
+ goto skip_csum;
+
switch (skb->ip_summed) {
case CHECKSUM_COMPLETE:
if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
@@ -65,6 +69,7 @@ flush:
break;
}

+skip_csum:
return tcp_gro_receive(head, skb);
}

--
1.8.3.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luis Henriques: "[PATCH 3.11 039/208] net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST"
Previous message: Luis Henriques: "[PATCH 3.11 041/208] inet: fix possible seqlock deadlocks"
In reply to: Luis Henriques: "[PATCH 3.11 041/208] inet: fix possible seqlock deadlocks"
Next in thread: Luis Henriques: "[PATCH 3.11 039/208] net: update consumers of MSG_MORE to recognize MSG_SENDPAGE_NOTLAST"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]