ia64/xen-unstable

changeset 10624:17e9daeb2c50

[NET]: Update net-gso.patch. Remove net-tso.patch.

New changeset merged upstream:

[TCP]: Reset gso_segs if packet is dodgy

I wasn't paranoid enough in verifying GSO information. A bogus gso_segs
could upset drivers as much as a bogus header would. Let's reset it in
the per-protocol gso_segment functions.

I didn't verify gso_size because that can be verified by the source of
the dodgy packets.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author kaf24@firebug.cl.cam.ac.uk
date Fri Jun 30 14:41:13 2006 +0100 (2006-06-30)
parents c1119ff85f4e
children f5a5f49935fd 64f9f308e109
files patches/linux-2.6.16.13/net-gso.patch
line diff
     1.1 --- a/patches/linux-2.6.16.13/net-gso.patch	Fri Jun 30 14:30:43 2006 +0100
     1.2 +++ b/patches/linux-2.6.16.13/net-gso.patch	Fri Jun 30 14:41:13 2006 +0100
     1.3 @@ -2225,7 +2225,7 @@ index d64e2ec..7494823 100644
     1.4   	err = ipcomp_compress(x, skb);
     1.5   	iph = skb->nh.iph;
     1.6  diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
     1.7 -index 00aa80e..84130c9 100644
     1.8 +index 00aa80e..30c81a8 100644
     1.9  --- a/net/ipv4/tcp.c
    1.10  +++ b/net/ipv4/tcp.c
    1.11  @@ -257,6 +257,7 @@ #include <linux/smp_lock.h>
    1.12 @@ -2281,7 +2281,7 @@ index 00aa80e..84130c9 100644
    1.13   
    1.14   			from += copy;
    1.15   			copied += copy;
    1.16 -@@ -2026,6 +2021,71 @@ int tcp_getsockopt(struct sock *sk, int 
    1.17 +@@ -2026,6 +2021,77 @@ int tcp_getsockopt(struct sock *sk, int 
    1.18   }
    1.19   
    1.20   
    1.21 @@ -2306,13 +2306,19 @@ index 00aa80e..84130c9 100644
    1.22  +	if (!pskb_may_pull(skb, thlen))
    1.23  +		goto out;
    1.24  +
    1.25 -+	segs = NULL;
    1.26 -+	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST))
    1.27 -+		goto out;
    1.28 -+
    1.29  +	oldlen = (u16)~skb->len;
    1.30  +	__skb_pull(skb, thlen);
    1.31  +
    1.32 ++	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
    1.33 ++		/* Packet is from an untrusted source, reset gso_segs. */
    1.34 ++		int mss = skb_shinfo(skb)->gso_size;
    1.35 ++
    1.36 ++		skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss;
    1.37 ++
    1.38 ++		segs = NULL;
    1.39 ++		goto out;
    1.40 ++	}
    1.41 ++
    1.42  +	segs = skb_segment(skb, features);
    1.43  +	if (IS_ERR(segs))
    1.44  +		goto out;
     2.1 --- a/patches/linux-2.6.16.13/net-tso.patch	Fri Jun 30 14:30:43 2006 +0100
     2.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.3 @@ -1,28 +0,0 @@
     2.4 -diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
     2.5 -index 0336422..0bb0ac9 100644
     2.6 ---- a/net/ipv4/tcp.c
     2.7 -+++ b/net/ipv4/tcp.c
     2.8 -@@ -2166,13 +2166,19 @@ struct sk_buff *tcp_tso_segment(struct s
     2.9 - 	if (!pskb_may_pull(skb, thlen))
    2.10 - 		goto out;
    2.11 - 
    2.12 --	segs = NULL;
    2.13 --	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST))
    2.14 --		goto out;
    2.15 --
    2.16 - 	oldlen = (u16)~skb->len;
    2.17 - 	__skb_pull(skb, thlen);
    2.18 - 
    2.19 -+	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
    2.20 -+		/* Packet is from an untrusted source, reset gso_segs. */
    2.21 -+		int mss = skb_shinfo(skb)->gso_size;
    2.22 -+
    2.23 -+		skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss;
    2.24 -+
    2.25 -+		segs = NULL;
    2.26 -+		goto out;
    2.27 -+	}
    2.28 -+
    2.29 - 	segs = skb_segment(skb, features);
    2.30 - 	if (IS_ERR(segs))
    2.31 - 		goto out;