Received: by 2002:a89:288:0:b0:1f7:eeee:6653 with SMTP id j8csp404169lqh; Tue, 7 May 2024 02:48:59 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVjrlF5kTHRq8QIBXhB1txgwwtv9Es4zh0uL22FRvQIao59ci75s+7bZiPEqAdDoNTBLHG/XQh5MWy/4td3gKAds2NBwnlpsp+ZMkT4kw== X-Google-Smtp-Source: AGHT+IEN40z2cddmZjQae2wlcJj4wISnUuqUF60TiWCNHsFc6cmz2CQRAwPTZBM3OLN0kQIgz+7X X-Received: by 2002:a05:6a20:e687:b0:1a9:8836:ae37 with SMTP id mz7-20020a056a20e68700b001a98836ae37mr11989354pzb.12.1715075338869; Tue, 07 May 2024 02:48:58 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715075338; cv=pass; d=google.com; s=arc-20160816; b=dGFz1dk5pH1jR6WjVzpDoNLp0DrsKXV2w0oDrZcLsnXcTb9tc+jao7XU+o/BXkrHYa TMz6VjExbRwol6/E4tJ80LHSEHg0xqpuq9Tfj3HtWCRzajBunWF40zFgMaKBqyF4i40j alEIm1lUimszuutnJQDmA5HeazXJBsqJZDMINKxfvKndOpw5kS+oWCM4USlJvO9niEzI 6obFT4kkw6wSBBKwD3UfOVt49zEQTwxf5r1l/lMX/eGC6FCQp0U+pyfv11SG8tunvivR fFH4i1bsR7lhcTD8iIZ/9ulnJdFaHO5jOTKNSonCyj8dBaEYjxB11ZKbjiaG2Ke7midK QSXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=B91Dda2e2qRFkRF6V/Ev2t/FHXit3LZPc3UTQDv0sDQ=; fh=b13T6a5CbA4FWRlPW6EgI5jhHp4UiL/O49J5U5g3Y8k=; b=l92V1I6zjLaYnjYMxNmm8lLhX+OeVjZ+9ndWCLuTCOXQHiUEDjwUAusLohdPMey8lL ldxtGy5/TGt3tFwI7HdAIXi8mzHGT8/WGzi/s4lXytHQzhzB7kq746NqCjLyerMm/w2z oaBtL8ASkMj8Tx6z0BSHbHqmoLuT5rBD9hAHwF4/s8QEcxtZfcM44H+vYatItps5Uvtb +IPG9K12S8r1PWVTenqh3IuifsQdAC4fhPeXu8Q6LEaxyykqzysOinnN7exJFqwpnVhk H6tuJoem3B+b0r1ftqCSB+b2CKfwGO+MdFcyEvY8SP1YUntVzhAmNKN7zIZU0Ge0a//8 iuYQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=dH8pE8z8; arc=pass (i=1 dkim=pass dkdomain=nbd.name dmarc=pass fromdomain=nbd.name); spf=pass (google.com: domain of linux-kernel+bounces-171015-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-171015-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id lb8-20020a17090b4a4800b002ab45004e79si10647037pjb.1.2024.05.07.02.48.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 May 2024 02:48:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-171015-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=dH8pE8z8; arc=pass (i=1 dkim=pass dkdomain=nbd.name dmarc=pass fromdomain=nbd.name); spf=pass (google.com: domain of linux-kernel+bounces-171015-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-171015-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 818BA280ED1 for ; Tue, 7 May 2024 09:48:58 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E2C05158A1C; Tue, 7 May 2024 09:41:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=nbd.name header.i=@nbd.name header.b="dH8pE8z8" Received: from nbd.name (nbd.name [46.4.11.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 75FFA14EC62; Tue, 7 May 2024 09:41:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=46.4.11.11 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715074893; cv=none; b=XrCAeRwP9ZDWoVtPxe0ZMAtGDjkayIOoKo05VEtK09lEel1VACe7Y04iPyz9HmW7nTughIwrl+asMwGoYaLU6EzIxQHGJhuHFQLTtw8zSOIw4k+bApdqinoyqT3hmHgSpWoSN3XMLz1jZO28Gn2k/se9mawl50jzYbp99tmwMDI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715074893; c=relaxed/simple; bh=dODPQlY3EA6sbMqap8cxwX+oTqUUKDsbFS53aBcmjFo=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=osVsB46qkOzJUDNOUyaZw9DRthpGvGo4wpip7v2L7BV8VUgVbNsr8Zeu3n1VmN/LCuLXHgoPiTWHUfiofG9LUtBswGpxun5o2z/g/IvhzBt1jRUP+GC3gHiSDbcj8V0MqEvB0ZQ7nUWdspfrRO8Kga4S5vu03YqGNppiyw9kRsE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nbd.name; spf=none smtp.mailfrom=nbd.name; dkim=pass (1024-bit key) header.d=nbd.name header.i=@nbd.name header.b=dH8pE8z8; arc=none smtp.client-ip=46.4.11.11 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nbd.name Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=nbd.name DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=Content-Transfer-Encoding:MIME-Version:Message-ID:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=B91Dda2e2qRFkRF6V/Ev2t/FHXit3LZPc3UTQDv0sDQ=; b=dH8pE8z81w5sybqqJ5v558du+6 bsxUqQr9sFmzrPNaa1x5uoBZpiV8QaudCpW9yH0nwYeVACBbtuBRvYjk1yf5cUXFak96cSFFZzffb rdArh7PsUvWdogEBGCDjzqJDI0fHqCt5tVOvS3s/g9odKpO9dNwt6zM6+A/CuUcbMWn0=; Received: from p54ae9c93.dip0.t-ipconnect.de ([84.174.156.147] helo=localhost.localdomain) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.96) (envelope-from ) id 1s4HJy-00EIWj-2j; Tue, 07 May 2024 11:41:14 +0200 From: Felix Fietkau To: netdev@vger.kernel.org, Eric Dumazet , "David S. Miller" , David Ahern , Jakub Kicinski , Paolo Abeni , Willem de Bruijn Cc: linux-kernel@vger.kernel.org Subject: [PATCH net-next] net: add missing check for TCP fraglist GRO Date: Tue, 7 May 2024 11:41:13 +0200 Message-ID: <20240507094114.67716-1-nbd@nbd.name> X-Mailer: git-send-email 2.44.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit It turns out that the existing checks do not guarantee that the skb can be pulled up to the GRO offset. When using the usb r8152 network driver with GRO fraglist, the BUG() in __skb_pull is often triggered. Fix the crash by adding the missing check. Fixes: 8d95dc474f85 ("net: add code for TCP fraglist GRO") Signed-off-by: Felix Fietkau --- net/ipv4/tcp_offload.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index c90704befd7b..a71d2e623f0c 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c @@ -353,6 +353,7 @@ struct sk_buff *tcp_gro_receive(struct list_head *head, struct sk_buff *skb, flush |= (__force int)(flags ^ tcp_flag_word(th2)); flush |= skb->ip_summed != p->ip_summed; flush |= skb->csum_level != p->csum_level; + flush |= !pskb_may_pull(skb, skb_gro_offset(skb)); flush |= NAPI_GRO_CB(p)->count >= 64; if (flush || skb_gro_receive_list(p, skb)) -- 2.44.0