On 05/10/2018 05:38 PM, Sean Tranchetti wrote: > Using GSO in the UDP path on a device with > scatter-gather netdevice feature disabled will result in a kernel > panic with the following call stack: > > This panic is the result of allocating SKBs with small size > for the newly segmented SKB. If the scatter-gather feature is > disabled, the code attempts to call skb_put() on the small SKB > with an argument of nearly the entire unsegmented SKB length. > > After this patch, attempting to use GSO with scatter-gather > disabled will result in -EINVAL being returned. > > Fixes: 15e36f5b8e98 ("udp: paged allocation with gso") > Signed-off-by: Sean Tranchetti <stran...@codeaurora.org> > Signed-off-by: Subash Abhinov Kasiviswanathan <subas...@codeaurora.org> > --- > net/ipv4/ip_output.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c > index b5e21eb..0d63690 100644 > --- a/net/ipv4/ip_output.c > +++ b/net/ipv4/ip_output.c > @@ -1054,8 +1054,16 @@ static int __ip_append_data(struct sock *sk, > copy = length; > > if (!(rt->dst.dev->features&NETIF_F_SG)) { > + struct sk_buff *tmp; > unsigned int off; > > + if (paged) { > + err = -EINVAL; > + while ((tmp = __skb_dequeue(queue)) != NULL) > + kfree(tmp); > + goto error; > + } > + > off = skb->len; > if (getfrag(from, skb_put(skb, copy), > offset, copy, off, skb) < 0) { >
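Review bot: In the added `if (paged)` block, the drain loop frees each buffer with `kfree(tmp)`, but `tmp` is a `struct sk_buff *` returned by `__skb_dequeue(queue)`. An skb has to be released with `kfree_skb(tmp)` so that its data buffer and attached state are freed along with the head; plain `kfree()` on the head is not a valid way to free it. If the value of `paged` is already known before any skb is queued, rejecting the combination with -EINVAL at that point would also remove the need for the drain loop.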
Hmm, no, we absolutely need to fix GSO instead. Think of a bonding device (or any virtual devices), your patch won't avoid the crash.