Commit 812fbfa1 authored by Florian Westphal's avatar Florian Westphal Committed by Zefan Li

net: make skb_gso_segment error handling more robust

commit 330966e5 upstream.

skb_gso_segment has three possible return values:
1. a pointer to the first segmented skb
2. an errno value (IS_ERR())
3. NULL.  This can happen when GSO is used for header verification.

However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL
and would oops when NULL is returned.

Note that these call sites should never actually see such a NULL return
value; all callers mask out the GSO bits in the feature argument.

However, there have been issues with some protocol handlers erronously not
respecting the specified feature mask in some cases.

It is preferable to get 'have to turn off hw offloading, else slow' reports
rather than 'kernel crashes'.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Cc: Ben Hutchings <ben@decadent.org.uk>
[lizf: Backported to 3.4: drop some hunks as there are fewer skb_gso_segment()
 users in 3.4]
Signed-off-by: default avatarZefan Li <lizefan@huawei.com>
parent 4e237a3e
...@@ -255,7 +255,7 @@ int nf_queue(struct sk_buff *skb, ...@@ -255,7 +255,7 @@ int nf_queue(struct sk_buff *skb,
* returned by nf_queue. For instance, callers rely on -ECANCELED to mean * returned by nf_queue. For instance, callers rely on -ECANCELED to mean
* 'ignore this hook'. * 'ignore this hook'.
*/ */
if (IS_ERR(segs)) if (IS_ERR_OR_NULL(segs))
goto out_err; goto out_err;
queued = 0; queued = 0;
err = 0; err = 0;
......
...@@ -271,6 +271,8 @@ static int queue_gso_packets(int dp_ifindex, struct sk_buff *skb, ...@@ -271,6 +271,8 @@ static int queue_gso_packets(int dp_ifindex, struct sk_buff *skb,
segs = skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM); segs = skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM);
if (IS_ERR(segs)) if (IS_ERR(segs))
return PTR_ERR(segs); return PTR_ERR(segs);
if (segs == NULL)
return -EINVAL;
/* Queue all of the segments. */ /* Queue all of the segments. */
skb = segs; skb = segs;
......
...@@ -151,6 +151,8 @@ static int xfrm_output_gso(struct sk_buff *skb) ...@@ -151,6 +151,8 @@ static int xfrm_output_gso(struct sk_buff *skb)
kfree_skb(skb); kfree_skb(skb);
if (IS_ERR(segs)) if (IS_ERR(segs))
return PTR_ERR(segs); return PTR_ERR(segs);
if (segs == NULL)
return -EINVAL;
do { do {
struct sk_buff *nskb = segs->next; struct sk_buff *nskb = segs->next;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment