Re: [PATCH net-next v2] net: check qdisc_pkt_len_segs_init() return value on ingress
From: David CARLIER
Date: Mon Apr 13 2026 - 16:38:11 EST
Hi Eric,
You're right on both counts. An LLM was used for the initial
bug-finding /
pre-analysis on this one, and clearly it wasn't deep enough.
Daniel's
question made me go back and trace the redirect paths properly — the
premise was wrong, __dev_queue_xmit() already catches them. I should
have
re-read your 7fb4c1967011 commit message before sending.
Dropping it. Sorry for the noise.
Cheers,
On Mon, 13 Apr 2026 at 21:09, Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
>
> On Mon, Apr 13, 2026 at 11:22 AM David Carlier <devnexen@xxxxxxxxx> wrote:
> >
> > Commit 7fb4c1967011 ("net: pull headers in qdisc_pkt_len_segs_init()")
> > changed qdisc_pkt_len_segs_init() to return an skb drop reason when
> > it detects malicious GSO packets. The egress path in __dev_queue_xmit()
> > checks this return value and drops bad packets, but the ingress path in
> > sch_handle_ingress() ignores it.
> >
> > This means malformed GSO packets entering via TC ingress are not dropped
> > and could be redirected to another interface or cause incorrect qdisc
> > accounting.
> >
> > Check the return value and drop the packet when a bad GSO is detected.
> >
> > Fixes: 7fb4c1967011 ("net: pull headers in qdisc_pkt_len_segs_init()")
> > Signed-off-by: David Carlier <devnexen@xxxxxxxxx>
> > ---
> >
> > v1 -> v2: reorder variable declarations for reverse xmas tree
> > v1: https://lore.kernel.org/netdev/20260408172307.46498-1-devnexen@xxxxxxxxx/
> > net/core/dev.c | 12 ++++++++++--
> > 1 file changed, 10 insertions(+), 2 deletions(-)
>
> NACK. This is is not needed.
>
> I will not even bother, this is an obvious LLM based patch.