'[Xen-devel] [2/4] [NET]: Update net-gso.patch'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xen-devel
Subject:    [Xen-devel] [2/4] [NET]: Update net-gso.patch
From:       Herbert Xu <herbert () gondor ! apana ! org ! au>
Date:       2006-06-30 12:47:40
Message-ID: 20060630124740.GB23466 () gondor ! apana ! org ! au
[Download RAW message or body]

Hi:

[NET]: Update net-gso.patch

New changeset merged upstream:

    [TCP]: Reset gso_segs if packet is dodgy

    I wasn't paranoid enough in verifying GSO information.  A bogus gso_segs
    could upset drivers as much as a bogus header would.  Let's reset it in
    the per-protocol gso_segment functions.

    I didn't verify gso_size because that can be verified by the source of
    the dodgy packets.

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
diff -r 617e4d3351f3 -r f6806ad757d5 patches/linux-2.6.16.13/net-gso.patch
--- a/patches/linux-2.6.16.13/net-gso.patch	Fri Jun 30 22:12:59 2006 +1000
+++ b/patches/linux-2.6.16.13/net-gso.patch	Fri Jun 30 22:16:02 2006 +1000
@@ -2225,7 +2225,7 @@ index d64e2ec..7494823 100644
  	err = ipcomp_compress(x, skb);
  	iph = skb->nh.iph;
 diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
-index 00aa80e..84130c9 100644
+index 00aa80e..30c81a8 100644
 --- a/net/ipv4/tcp.c
 +++ b/net/ipv4/tcp.c
 @@ -257,6 +257,7 @@ #include <linux/smp_lock.h>
@@ -2281,7 +2281,7 @@ index 00aa80e..84130c9 100644
  
  			from += copy;
  			copied += copy;
-@@ -2026,6 +2021,71 @@ int tcp_getsockopt(struct sock *sk, int 
+@@ -2026,6 +2021,77 @@ int tcp_getsockopt(struct sock *sk, int 
  }
  
  
@@ -2306,12 +2306,18 @@ index 00aa80e..84130c9 100644
 +	if (!pskb_may_pull(skb, thlen))
 +		goto out;
 +
-+	segs = NULL;
-+	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST))
-+		goto out;
-+
 +	oldlen = (u16)~skb->len;
 +	__skb_pull(skb, thlen);
++
++	if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
++		/* Packet is from an untrusted source, reset gso_segs. */
++		int mss = skb_shinfo(skb)->gso_size;
++
++		skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss;
++
++		segs = NULL;
++		goto out;
++	}
 +
 +	segs = skb_segment(skb, features);
 +	if (IS_ERR(segs))

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic