Patch "gro: Only verify TCP checksums for candidates" has been added to the 3.12-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Thu, 05 Dec 2013 16:39:46 -0800

This is a note to let you know that I've just added the patch titled

    gro: Only verify TCP checksums for candidates

to the 3.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     gro-only-verify-tcp-checksums-for-candidates.patch
and it can be found in the queue-3.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Thu Dec  5 16:16:39 PST 2013
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Nov 2013 10:31:29 +0800
Subject: gro: Only verify TCP checksums for candidates

From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

[ Upstream commit cc5c00bbb44c5d68b883aa5cb9d01514a2525d94 ]

In some cases we may receive IP packets that are longer than
their stated lengths.  Such packets are never merged in GRO.
However, we may end up computing their checksums incorrectly
and end up allowing packets with a bogus checksum enter our
stack with the checksum status set as verified.

Since such packets are rare and not performance-critical, this
patch simply skips the checksum verification for them.

Reported-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Acked-by: Alexander Duyck <alexander.h.duyck@xxxxxxxxx>

Thanks,
Acked-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/ipv4/tcp_offload.c   |    5 +++++
 net/ipv6/tcpv6_offload.c |    5 +++++
 2 files changed, 10 insertions(+)

--- a/net/ipv4/tcp_offload.c
+++ b/net/ipv4/tcp_offload.c
@@ -274,6 +274,10 @@ static struct sk_buff **tcp4_gro_receive
 	__wsum wsum;
 	__sum16 sum;
 
+	/* Don't bother verifying checksum if we're going to flush anyway. */
+	if (NAPI_GRO_CB(skb)->flush)
+		goto skip_csum;
+
 	switch (skb->ip_summed) {
 	case CHECKSUM_COMPLETE:
 		if (!tcp_v4_check(skb_gro_len(skb), iph->saddr, iph->daddr,
@@ -299,6 +303,7 @@ flush:
 		break;
 	}
 
+skip_csum:
 	return tcp_gro_receive(head, skb);
 }
 
--- a/net/ipv6/tcpv6_offload.c
+++ b/net/ipv6/tcpv6_offload.c
@@ -39,6 +39,10 @@ static struct sk_buff **tcp6_gro_receive
 	__wsum wsum;
 	__sum16 sum;
 
+	/* Don't bother verifying checksum if we're going to flush anyway. */
+	if (NAPI_GRO_CB(skb)->flush)
+		goto skip_csum;
+
 	switch (skb->ip_summed) {
 	case CHECKSUM_COMPLETE:
 		if (!tcp_v6_check(skb_gro_len(skb), &iph->saddr, &iph->daddr,
@@ -65,6 +69,7 @@ flush:
 		break;
 	}
 
+skip_csum:
 	return tcp_gro_receive(head, skb);
 }
 


Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are

queue-3.12/gro-only-verify-tcp-checksums-for-candidates.patch
queue-3.12/gro-clean-up-tcpx_gro_receive-checksum-verification.patch
queue-3.12/gso-handle-new-frag_list-of-frags-gro-packets.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







