From: Eric Dumazet <eduma...@google.com>
syzkaller hit the WARN() in tun_get_user(), providing skb
with payload in fragments only, and nothing in skb->head
GRO layer is fine with this, so relax the check.
Fixes: 90e33d459407 ("tun: enable napi_gro_frags() for TUN/TAP driver")
Signed-off-by: Eric Dumazet <eduma...@google.com>
---
drivers/net/tun.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index
57e4c31fa84adc4d9af6ab69a87feac23a8b034e..c64ec19af9b73744270f5cdb922d0f0c1c8f4443
100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1737,7 +1737,7 @@ static ssize_t tun_get_user(struct tun_struct *tun,
struct tun_file *tfile,
/* Exercise flow dissector code path. */
u32 headlen = eth_get_headlen(skb->data, skb_headlen(skb));
- if (headlen > skb_headlen(skb) || headlen < ETH_HLEN) {
+ if (unlikely(headlen > skb_headlen(skb))) {
this_cpu_inc(tun->pcpu_stats->rx_dropped);
napi_free_frags(&tfile->napi);
mutex_unlock(&tfile->napi_mutex);
