[Xen-devel] [2/4] [NET]: Update net-gso.patch

Hi:

[NET]: Update net-gso.patch

New changeset merged upstream:

    [TCP]: Reset gso_segs if packet is dodgy

    I wasn't paranoid enough in verifying GSO information.  A bogus gso_segs
    could upset drivers as much as a bogus header would.  Let's reset it in
    the per-protocol gso_segment functions.

    I didn't verify gso_size because that can be verified by the source of
    the dodgy packets.

    Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r 617e4d3351f3 -r f6806ad757d5 patches/linux-2.6.16.13/net-gso.patch
--- a/patches/linux-2.6.16.13/net-gso.patch     Fri Jun 30 22:12:59 2006 +1000
+++ b/patches/linux-2.6.16.13/net-gso.patch     Fri Jun 30 22:16:02 2006 +1000
@@ -2225,7 +2225,7 @@ index d64e2ec..7494823 100644
        err = ipcomp_compress(x, skb);
        iph = skb->nh.iph;
 diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
-index 00aa80e..84130c9 100644
+index 00aa80e..30c81a8 100644
 --- a/net/ipv4/tcp.c
 +++ b/net/ipv4/tcp.c
 @@ -257,6 +257,7 @@ #include <linux/smp_lock.h>
@@ -2281,7 +2281,7 @@ index 00aa80e..84130c9 100644
  
                        from += copy;
                        copied += copy;
-@@ -2026,6 +2021,71 @@ int tcp_getsockopt(struct sock *sk, int 
+@@ -2026,6 +2021,77 @@ int tcp_getsockopt(struct sock *sk, int 
  }
  
  
@@ -2306,12 +2306,18 @@ index 00aa80e..84130c9 100644
 +      if (!pskb_may_pull(skb, thlen))
 +              goto out;
 +
-+      segs = NULL;
-+      if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST))
-+              goto out;
-+
 +      oldlen = (u16)~skb->len;
 +      __skb_pull(skb, thlen);
++
++      if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
++              /* Packet is from an untrusted source, reset gso_segs. */
++              int mss = skb_shinfo(skb)->gso_size;
++
++              skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss;
++
++              segs = NULL;
++              goto out;
++      }
 +
 +      segs = skb_segment(skb, features);
 +      if (IS_ERR(segs))

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[Xen-devel] [1/4] [NET] back: Fix maximum fragment check, Herbert Xu

Next by Date:

[Xen-devel] [3/4] [NET] back: Make extra info slot more generic, Herbert Xu

Previous by Thread:

[Xen-devel] [1/4] [NET] back: Fix maximum fragment check, Herbert Xu

Next by Thread:

[Xen-devel] [3/4] [NET] back: Make extra info slot more generic, Herbert Xu

Indexes:

[Date] [Thread] [Top] [All Lists]

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] [2/4] [NET]: Update net-gso.patch