Commit 64557669 authored by Herbert Xu's avatar Herbert Xu Committed by Luis Henriques

gro: Disable frag0 optimization on IPv6 ext headers

BugLink: http://bugs.launchpad.net/bugs/1656876

[ Upstream commit 57ea52a8 ]

The GRO fast path caches the frag0 address.  This address becomes
invalid if frag0 is modified by pskb_may_pull or its variants.
So whenever that happens we must disable the frag0 optimization.

This is usually done through the combination of gro_header_hard
and gro_header_slow, however, the IPv6 extension header path did
the pulling directly and would continue to use the GRO fast path
incorrectly.

This patch fixes it by disabling the fast path when we enter the
IPv6 extension header path.

Fixes: 78a478d0 ("gro: Inline skb_gro_header and cache frag0 virtual address")
Reported-by: default avatarSlava Shwartsman <slavash@mellanox.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarTim Gardner <tim.gardner@canonical.com>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent b562ee57
...@@ -2374,14 +2374,19 @@ static inline int skb_gro_header_hard(struct sk_buff *skb, unsigned int hlen) ...@@ -2374,14 +2374,19 @@ static inline int skb_gro_header_hard(struct sk_buff *skb, unsigned int hlen)
return NAPI_GRO_CB(skb)->frag0_len < hlen; return NAPI_GRO_CB(skb)->frag0_len < hlen;
} }
static inline void skb_gro_frag0_invalidate(struct sk_buff *skb)
{
NAPI_GRO_CB(skb)->frag0 = NULL;
NAPI_GRO_CB(skb)->frag0_len = 0;
}
static inline void *skb_gro_header_slow(struct sk_buff *skb, unsigned int hlen, static inline void *skb_gro_header_slow(struct sk_buff *skb, unsigned int hlen,
unsigned int offset) unsigned int offset)
{ {
if (!pskb_may_pull(skb, hlen)) if (!pskb_may_pull(skb, hlen))
return NULL; return NULL;
NAPI_GRO_CB(skb)->frag0 = NULL; skb_gro_frag0_invalidate(skb);
NAPI_GRO_CB(skb)->frag0_len = 0;
return skb->data + offset; return skb->data + offset;
} }
......
...@@ -196,6 +196,7 @@ static struct sk_buff **ipv6_gro_receive(struct sk_buff **head, ...@@ -196,6 +196,7 @@ static struct sk_buff **ipv6_gro_receive(struct sk_buff **head,
ops = rcu_dereference(inet6_offloads[proto]); ops = rcu_dereference(inet6_offloads[proto]);
if (!ops || !ops->callbacks.gro_receive) { if (!ops || !ops->callbacks.gro_receive) {
__pskb_pull(skb, skb_gro_offset(skb)); __pskb_pull(skb, skb_gro_offset(skb));
skb_gro_frag0_invalidate(skb);
proto = ipv6_gso_pull_exthdrs(skb, proto); proto = ipv6_gso_pull_exthdrs(skb, proto);
skb_gro_pull(skb, -skb_transport_offset(skb)); skb_gro_pull(skb, -skb_transport_offset(skb));
skb_reset_transport_header(skb); skb_reset_transport_header(skb);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment