Thread (23 messages) 23 messages, 3 authors, 2015-10-28

Re: [PATCH net v2 2/4] ipv4: add defensive check for CHECKSUM_PARTIAL skbs in ip_fragment

From: Tom Herbert <hidden>
Date: 2015-10-27 18:46:25 

On Tue, Oct 27, 2015 at 8:02 AM, Hannes Frederic Sowa
[off-list ref] wrote:
CHECKSUM_PARTIAL skbs should never arrive in ip_fragment. If we get one
of those warn about them once and handle them gracefully by recalculating
the checksum.
I believe a UDP sender within the kernel (like an encapsulation) that
happens to send using a frag list that exceeds MTU is quite possible
and would be a problem with current code.
quoted hunk ↗ jump to hunk
Cc: Eric Dumazet <edumazet@google.com>
Cc: Vlad Yasevich <redacted>
Cc: Benjamin Coddington <redacted>
Cc: Tom Herbert <redacted>
Signed-off-by: Hannes Frederic Sowa <redacted>
---
 net/ipv4/ip_output.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 0b02417..3f94a3b 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -533,6 +533,11 @@ int ip_do_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,

        dev = rt->dst.dev;

+       /* for offloaded checksums cleanup checksum before fragmentation */
+       if (WARN_ON_ONCE(skb->ip_summed == CHECKSUM_PARTIAL) &&
+           (err = skb_checksum_help(skb)))
+               goto fail;
+
        /*
         *      Point into the IP datagram header.
         */
@@ -657,9 +662,6 @@ slow_path_clean:
        }

 slow_path:
-       /* for offloaded checksums cleanup checksum before fragmentation */
-       if ((skb->ip_summed == CHECKSUM_PARTIAL) && skb_checksum_help(skb))
-               goto fail;
        iph = ip_hdr(skb);

        left = skb->len - hlen;         /* Space per frame */
--
2.5.0
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help