Hello!
On 02.04.2019 9:16, Steffen Klassert wrote:
Currently we may merge incorrectly a received GSO packet
or a packet with frag_list into a packet sitting in the
gro_hash list. skb_segment() may crash in this case because
the assumptions on the skb layout are not met in this case.
"In this case" repeated twice in the same sentence sounds
somewhat tautological. :-)
The correct behaviour would be to flush the packet in the
gro_hash list and send the received GSO packet directly
afterwards. Commit d61d072e87c8e ("net-gro: avoid reorders")
sets NAPI_GRO_CB(skb)->flush in this case, but this is not
checked before merging. This patch makes sure to check this
flag and to not merge in that case.
Fixes: d61d072e87c8e ("net-gro: avoid reorders")
Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
[...]
MBR, Sergei
