From a5a941a997c46b125cb76dca7565a688bb2ad899 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 3 May 2024 18:44:57 +0200 Subject: [PATCH] kernel: add missing check for TCP GRO Need to check if the skb data buffer is linear up to (and including) the TCP header. Fixes: https://github.com/openwrt/openwrt/issues/15359 Signed-off-by: Felix Fietkau --- .../680-net-add-TCP-fraglist-GRO-support.patch | 9 +++++---- .../680-net-add-TCP-fraglist-GRO-support.patch | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/target/linux/generic/pending-6.1/680-net-add-TCP-fraglist-GRO-support.patch b/target/linux/generic/pending-6.1/680-net-add-TCP-fraglist-GRO-support.patch index 841c0de3e1b8..f52233fe908e 100644 --- a/target/linux/generic/pending-6.1/680-net-add-TCP-fraglist-GRO-support.patch +++ b/target/linux/generic/pending-6.1/680-net-add-TCP-fraglist-GRO-support.patch @@ -318,7 +318,7 @@ Signe-off-by: Felix Fietkau flush = NAPI_GRO_CB(p)->flush; flush |= (__force int)(flags & TCP_FLAG_CWR); flush |= (__force int)((flags ^ tcp_flag_word(th2)) & -@@ -268,6 +350,18 @@ found: +@@ -268,6 +350,19 @@ found: flush |= p->decrypted ^ skb->decrypted; #endif @@ -326,6 +326,7 @@ Signe-off-by: Felix Fietkau + flush |= (__force int)(flags ^ tcp_flag_word(th2)); + flush |= skb->ip_summed != p->ip_summed; + flush |= skb->csum_level != p->csum_level; ++ flush |= !pskb_may_pull(skb, skb_gro_offset(skb)); + flush |= NAPI_GRO_CB(p)->count >= 64; + + if (flush || skb_gro_receive_list(p, skb)) @@ -337,7 +338,7 @@ Signe-off-by: Felix Fietkau if (flush || skb_gro_receive(p, skb)) { mss = 1; goto out_check_final; -@@ -289,7 +383,6 @@ out_check_final: +@@ -289,7 +384,6 @@ out_check_final: if (p && (!NAPI_GRO_CB(skb)->same_flow || flush)) pp = p; @@ -345,7 +346,7 @@ Signe-off-by: Felix Fietkau NAPI_GRO_CB(skb)->flush |= (flush != 0); return pp; -@@ -315,18 +408,58 @@ int tcp_gro_complete(struct sk_buff *skb +@@ -315,18 +409,58 @@ int tcp_gro_complete(struct sk_buff *skb } EXPORT_SYMBOL(tcp_gro_complete); @@ -409,7 +410,7 @@ Signe-off-by: Felix Fietkau } INDIRECT_CALLABLE_SCOPE int tcp4_gro_complete(struct sk_buff *skb, int thoff) -@@ -334,6 +467,15 @@ INDIRECT_CALLABLE_SCOPE int tcp4_gro_com +@@ -334,6 +468,15 @@ INDIRECT_CALLABLE_SCOPE int tcp4_gro_com const struct iphdr *iph = ip_hdr(skb); struct tcphdr *th = tcp_hdr(skb); diff --git a/target/linux/generic/pending-6.6/680-net-add-TCP-fraglist-GRO-support.patch b/target/linux/generic/pending-6.6/680-net-add-TCP-fraglist-GRO-support.patch index 7af7d8830c66..cd7762667713 100644 --- a/target/linux/generic/pending-6.6/680-net-add-TCP-fraglist-GRO-support.patch +++ b/target/linux/generic/pending-6.6/680-net-add-TCP-fraglist-GRO-support.patch @@ -269,7 +269,7 @@ Signe-off-by: Felix Fietkau flush = NAPI_GRO_CB(p)->flush; flush |= (__force int)(flags & TCP_FLAG_CWR); flush |= (__force int)((flags ^ tcp_flag_word(th2)) & -@@ -269,6 +351,18 @@ found: +@@ -269,6 +351,19 @@ found: flush |= p->decrypted ^ skb->decrypted; #endif @@ -277,6 +277,7 @@ Signe-off-by: Felix Fietkau + flush |= (__force int)(flags ^ tcp_flag_word(th2)); + flush |= skb->ip_summed != p->ip_summed; + flush |= skb->csum_level != p->csum_level; ++ flush |= !pskb_may_pull(skb, skb_gro_offset(skb)); + flush |= NAPI_GRO_CB(p)->count >= 64; + + if (flush || skb_gro_receive_list(p, skb)) @@ -288,7 +289,7 @@ Signe-off-by: Felix Fietkau if (flush || skb_gro_receive(p, skb)) { mss = 1; goto out_check_final; -@@ -290,7 +384,6 @@ out_check_final: +@@ -290,7 +385,6 @@ out_check_final: if (p && (!NAPI_GRO_CB(skb)->same_flow || flush)) pp = p; @@ -296,7 +297,7 @@ Signe-off-by: Felix Fietkau NAPI_GRO_CB(skb)->flush |= (flush != 0); return pp; -@@ -314,18 +407,58 @@ void tcp_gro_complete(struct sk_buff *sk +@@ -314,18 +408,58 @@ void tcp_gro_complete(struct sk_buff *sk } EXPORT_SYMBOL(tcp_gro_complete); @@ -360,7 +361,7 @@ Signe-off-by: Felix Fietkau } INDIRECT_CALLABLE_SCOPE int tcp4_gro_complete(struct sk_buff *skb, int thoff) -@@ -333,6 +466,15 @@ INDIRECT_CALLABLE_SCOPE int tcp4_gro_com +@@ -333,6 +467,15 @@ INDIRECT_CALLABLE_SCOPE int tcp4_gro_com const struct iphdr *iph = ip_hdr(skb); struct tcphdr *th = tcp_hdr(skb); -- 2.30.2