This is a note to let you know that I've just added the patch titled
net: gro: make sure skb->cb[] initial content has not
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-gro-make-sure-skb-cb-initial-content-has-not.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Wed May 28 21:03:54 PDT 2014
From: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Fri, 16 May 2014 11:34:37 -0700
Subject: net: gro: make sure skb->cb[] initial content has not
to be zero
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Eric Dumazet <edumazet@xxxxxxxxxx>
[ Upstream commit 29e98242783ed3ba569797846a606ba66f781625 ]
Starting from linux-3.13, GRO attempts to build full size skbs.
Problem is the commit assumed one particular field in skb->cb[]
was clean, but it is not the case on some stacked devices.
Timo reported a crash in case traffic is decrypted before
reaching a GRE device.
Fix this by initializing NAPI_GRO_CB(skb)->last at the right place,
this also removes one conditional.
Thanks a lot to Timo for providing full reports and bisecting this.
Fixes: 8a29111c7ca6 ("net: gro: allow to build full sized skb")
Bisected-by: Timo Teras <timo.teras@xxxxxx>
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Tested-by: Timo Teräs <timo.teras@xxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/core/dev.c | 1 +
net/core/skbuff.c | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3944,6 +3944,7 @@ static enum gro_result dev_gro_receive(s
}
NAPI_GRO_CB(skb)->count = 1;
NAPI_GRO_CB(skb)->age = jiffies;
+ NAPI_GRO_CB(skb)->last = skb;
skb_shinfo(skb)->gso_size = skb_gro_len(skb);
skb->next = napi->gro_list;
napi->gro_list = skb;
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -3076,7 +3076,7 @@ int skb_gro_receive(struct sk_buff **hea
if (unlikely(p->len + len >= 65536))
return -E2BIG;
- lp = NAPI_GRO_CB(p)->last ?: p;
+ lp = NAPI_GRO_CB(p)->last;
pinfo = skb_shinfo(lp);
if (headlen <= offset) {
@@ -3192,7 +3192,7 @@ merge:
__skb_pull(skb, offset);
- if (!NAPI_GRO_CB(p)->last)
+ if (NAPI_GRO_CB(p)->last == p)
skb_shinfo(p)->frag_list = skb;
else
NAPI_GRO_CB(p)->last->next = skb;
Patches currently in stable-queue which might be from edumazet@xxxxxxxxxx are
queue-3.14/net-gro-make-sure-skb-cb-initial-content-has-not.patch
queue-3.14/ipv6-limit-mtu-to-65575-bytes.patch
queue-3.14/tcp_cubic-fix-the-range-of-delayed_ack.patch
queue-3.14/ipv6-gro-fix-checksum_complete-support.patch
queue-3.14/ipv4-ip_tunnels-disable-cache-for-nbma-gre-tunnels.patch
queue-3.14/net-gro-reset-skb-truesize-in-napi_reuse_skb.patch
queue-3.14/net-sched-lock-imbalance-in-hhf-qdisc.patch
queue-3.14/net-filter-x86-fix-jit-address-randomization.patch
queue-3.14/ip_tunnel-set-network-header-properly-for.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html