Re: [v2] net: fix segmentation of forwarding fraglist GRO
From: Jakub Kicinski <kuba@kernel.org>
Date: 2026-01-15 03:20:33
Also in:
linux-arm-kernel, linux-mediatek, lkml
This is an AI-generated review of your patch. The human sending this email has considered the AI review valid, or at least pausible. For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html --- net: fix segmentation of forwarding fraglist GRO This patch adds checks for frag_list presence and protocol consistency when handling SKB_GSO_FRAGLIST packets in GSO segmentation. This ensures XLAT-converted packets fall back to skb_segment instead of skb_segment_list.
quoted hunk ↗ jump to hunk
diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c index fdda18b1abda..6c2c10f37f87 100644 --- a/net/ipv4/tcp_offload.c +++ b/net/ipv4/tcp_offload.c@@ -107,7 +107,9 @@ static struct sk_buff *tcp4_gso_segment(struct sk_buff *skb, if (skb_shinfo(skb)->gso_type & SKB_GSO_FRAGLIST) { struct tcphdr *th = tcp_hdr(skb); - if (skb_pagelen(skb) - th->doff * 4 == skb_shinfo(skb)->gso_size) + if ((skb_pagelen(skb) - th->doff * 4 == skb_shinfo(skb)->gso_size) && + skb_has_frag_list(skb) && + (skb->protocol == skb_shinfo(skb)->frag_list->protocol)) return __tcp4_gso_segment_list(skb, features);
Should tcp6_gso_segment() in net/ipv6/tcpv6_offload.c receive the same
treatment? Looking at that function, it has the identical pattern before
this patch:
if (skb_shinfo(skb)->gso_type & SKB_GSO_FRAGLIST) {
struct tcphdr *th = tcp_hdr(skb);
if (skb_pagelen(skb) - th->doff * 4 == skb_shinfo(skb)->gso_size)
return __tcp6_gso_segment_list(skb, features);
skb->ip_summed = CHECKSUM_NONE;
}
If an IPv4 packet is GRO-aggregated with fraglist and then converted by
XLAT to IPv6, the same protocol mismatch could occur when it reaches
tcp6_gso_segment(). Paolo raised this point in the v1 review:
https://lore.kernel.org/all/aab6c515-12e4-48ca-8220-c0797dae781f@redhat.com/ (local)
[ ... ]
--
pw-bot: cr