[PATCH 3.13 057/212] net: gro: make sure skb->cb[] initial content has not to be zero

From: Kamal Mostafa
Date: Tue Jun 17 2014 - 17:46:55 EST

Next message: Kamal Mostafa: "[PATCH 3.13 069/212] [media] fc2580: fix tuning failure on 32-bit arch"
Previous message: Kamal Mostafa: "[PATCH 3.13 050/212] sfc: fix calling of free_irq with already free vector"
In reply to: Kamal Mostafa: "[PATCH 3.13 050/212] sfc: fix calling of free_irq with already free vector"
Next in thread: Kamal Mostafa: "[PATCH 3.13 069/212] [media] fc2580: fix tuning failure on 32-bit arch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.13.11.4 -stable review patch. If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@xxxxxxxxxx>

[ Upstream commit 29e98242783ed3ba569797846a606ba66f781625 ]

Starting from linux-3.13, GRO attempts to build full size skbs.

Problem is the commit assumed one particular field in skb->cb[]
was clean, but it is not the case on some stacked devices.

Timo reported a crash in case traffic is decrypted before
reaching a GRE device.

Fix this by initializing NAPI_GRO_CB(skb)->last at the right place,
this also removes one conditional.

Thanks a lot to Timo for providing full reports and bisecting this.

Fixes: 8a29111c7ca6 ("net: gro: allow to build full sized skb")
Bisected-by: Timo Teras <timo.teras@xxxxxx>
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Tested-by: Timo TerÃs <timo.teras@xxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
---
net/core/dev.c | 1 +
net/core/skbuff.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 233d1c4..4c0ff6f 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3882,6 +3882,7 @@ static enum gro_result dev_gro_receive(struct napi_struct *napi, struct sk_buff
napi->gro_count++;
NAPI_GRO_CB(skb)->count = 1;
NAPI_GRO_CB(skb)->age = jiffies;
+ NAPI_GRO_CB(skb)->last = skb;
skb_shinfo(skb)->gso_size = skb_gro_len(skb);
skb->next = napi->gro_list;
napi->gro_list = skb;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index bdd6955..f45d60d 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -2980,7 +2980,7 @@ int skb_gro_receive(struct sk_buff **head, struct sk_buff *skb)
if (unlikely(p->len + len >= 65536))
return -E2BIG;

- lp = NAPI_GRO_CB(p)->last ?: p;
+ lp = NAPI_GRO_CB(p)->last;
pinfo = skb_shinfo(lp);

if (headlen <= offset) {
@@ -3096,7 +3096,7 @@ merge:

__skb_pull(skb, offset);

- if (!NAPI_GRO_CB(p)->last)
+ if (NAPI_GRO_CB(p)->last == p)
skb_shinfo(p)->frag_list = skb;
else
NAPI_GRO_CB(p)->last->next = skb;
--
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kamal Mostafa: "[PATCH 3.13 069/212] [media] fc2580: fix tuning failure on 32-bit arch"
Previous message: Kamal Mostafa: "[PATCH 3.13 050/212] sfc: fix calling of free_irq with already free vector"
In reply to: Kamal Mostafa: "[PATCH 3.13 050/212] sfc: fix calling of free_irq with already free vector"
Next in thread: Kamal Mostafa: "[PATCH 3.13 069/212] [media] fc2580: fix tuning failure on 32-bit arch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]