From 4ced6ff3a8ea13b069dd3087ab22d252696e1def Mon Sep 17 00:00:00 2001
From: Jason Wang <jasowang@redhat.com>
Date: Thu, 26 May 2022 14:29:17 +0800
Subject: [PATCH] udp: allow header check for dodgy GSO_UDP_L4 packets
Content-type: text/plain

Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/ipv4/udp_offload.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c
index 6d1a4bec2614..9579886ce557 100644
--- a/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -280,6 +280,15 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb,
 	if (gso_skb->len <= sizeof(*uh) + mss)
 		return ERR_PTR(-EINVAL);
 
+	if (skb_gso_ok(gso_skb, features | NETIF_F_GSO_ROBUST)) {
+		/* Packet is from an untrusted source, reset gso_segs. */
+
+		skb_shinfo(gso_skb)->gso_segs = DIV_ROUND_UP(gso_skb->len, mss);
+
+		segs = NULL;
+		goto out;
+	}
+
 	skb_pull(gso_skb, sizeof(*uh));
 
 	/* clear destructor to avoid skb_segment assigning it to tail */
@@ -361,6 +370,7 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb,
 		else
 			WARN_ON_ONCE(refcount_sub_and_test(-delta, &sk->sk_wmem_alloc));
 	}
+out:
 	return segs;
 }
 EXPORT_SYMBOL_GPL(__udp_gso_segment);
-- 
2.25.1