net-gro: Fix GRO flush when receiving a GSO packet.
authorSteffen Klassert <steffen.klassert@secunet.com>
Tue, 2 Apr 2019 06:16:03 +0000 (08:16 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Apr 2019 06:38:40 +0000 (08:38 +0200)
commitb87ec81362ac54ad33a001fffb11d1b9d9a28fc8
tree385bdef86de95d07db681bee9cdd3737aa640418
parent80c205813d3f5d7a912c73487d1ee6d76a696af1
net-gro: Fix GRO flush when receiving a GSO packet.

[ Upstream commit 0ab03f353d3613ea49d1f924faf98559003670a8 ]

Currently we may merge incorrectly a received GSO packet
or a packet with frag_list into a packet sitting in the
gro_hash list. skb_segment() may crash case because
the assumptions on the skb layout are not met.
The correct behaviour would be to flush the packet in the
gro_hash list and send the received GSO packet directly
afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
sets NAPI_GRO_CB(skb)->flush in this case, but this is not
checked before merging. This patch makes sure to check this
flag and to not merge in that case.

Fixes: d61d072e87c8e ("net-gro: avoid reorders")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/core/skbuff.c