[PATCH v3] net: linearizing skb when downgrade gso_size

From: Fred Li
Date: Wed Jul 17 2024 - 01:36:02 EST


Linearize the skb when downgrading gso_size, because it may
trigger the BUG_ON when segmenting the skb, as described in [1].

v3 changes:
linearize the skb if it has a frag_list, as Willem de Bruijn suggested [2].

[1] https://lore.kernel.org/all/20240626065555.35460-2-dracodingfly@xxxxxxxxx/
[2] https://lore.kernel.org/all/668d5cf1ec330_1c18c32947@xxxxxxxxxxxxxxxxxxxxxx.notmuch/

Signed-off-by: Fred Li <dracodingfly@xxxxxxxxx>
---
net/core/filter.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/net/core/filter.c b/net/core/filter.c
index df4578219e82..70919b532d68 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -3525,13 +3525,21 @@ static int bpf_skb_net_grow(struct sk_buff *skb, u32 off, u32 len_diff,
if (skb_is_gso(skb)) {
struct skb_shared_info *shinfo = skb_shinfo(skb);

- /* Due to header grow, MSS needs to be downgraded. */
- if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO))
- skb_decrease_gso_size(shinfo, len_diff);
-
/* Header must be checked, and gso_segs recomputed. */
shinfo->gso_type |= gso_type;
shinfo->gso_segs = 0;
+
+ /* Due to header grow, MSS needs to be downgraded.
+ * There is BUG_ON When segment the frag_list with
+ * head_frag true so linearize skb after downgrade
+ * the MSS.
+ */
+ if (!(flags & BPF_F_ADJ_ROOM_FIXED_GSO)) {
+ skb_decrease_gso_size(shinfo, len_diff);
+ if (shinfo->frag_list)
+ return skb_linearize(skb);
+ }
+
}

return 0;
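Review bot: the early `return skb_linearize(skb);` in the new block hands back a linearize failure only after `shinfo->gso_type`, `shinfo->gso_segs` and `gso_size` have already been changed, so an allocation failure there leaves the skb with altered GSO metadata and an error code. Either linearize before touching `shinfo` (and re-read `skb_shinfo(skb)` afterwards), or state in the comment that callers drop the skb on a non-zero return. Separately, the comment ties the BUG_ON to a frag_list with head_frag true, but the condition tests only `shinfo->frag_list`; if linearizing every frag_list skb is intended, reword the comment to say so, since this forces a large contiguous copy on each such packet. The comment also needs a grammar pass ("When segment the frag_list"), and the added blank line before the closing brace should be dropped.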
--
2.33.0