Commit 55e72988 authored by Alexander Lobakin's avatar Alexander Lobakin Committed by Jakub Kicinski
Browse files

net: udp: fix IP header access and skb lookup on Fast/frag0 UDP GRO 



udp{4,6}_lib_lookup_skb() use ip{,v6}_hdr() to get IP header of the
packet. While it's probably OK for non-frag0 paths, this helpers
will also point to junk on Fast/frag0 GRO when all headers are
located in frags. As a result, sk/skb lookup may fail or give wrong
results. To support both GRO modes, skb_gro_network_header() might
be used. To not modify original functions, add private versions of
udp{4,6}_lib_lookup_skb() only to perform correct sk lookups on GRO.

Present since the introduction of "application-level" UDP GRO
in 4.7-rc1.

Misc: replace totally unneeded ternaries with plain ifs.

Fixes: a6024562 ("udp: Add GRO functions to UDP socket")
Suggested-by: default avatarWillem de Bruijn <willemb@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: default avatarAlexander Lobakin <alobakin@pm.me>
Acked-by: default avatarWillem de Bruijn <willemb@google.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 4b1a8628

net/ipv4/udp_offload.c

+15 −2
Original line number Diff line number Diff line
@@ -500,12 +500,22 @@ struct sk_buff *udp_gro_receive(struct list_head *head, struct sk_buff *skb, 
}

EXPORT_SYMBOL(udp_gro_receive);



static struct sock *udp4_gro_lookup_skb(struct sk_buff *skb, __be16 sport,

					__be16 dport)

{

	const struct iphdr *iph = skb_gro_network_header(skb);



	return __udp4_lib_lookup(dev_net(skb->dev), iph->saddr, sport,

				 iph->daddr, dport, inet_iif(skb),

				 inet_sdif(skb), &udp_table, NULL);

}



INDIRECT_CALLABLE_SCOPE

struct sk_buff *udp4_gro_receive(struct list_head *head, struct sk_buff *skb)

{

	struct udphdr *uh = udp_gro_udphdr(skb);

	struct sock *sk = NULL;

	struct sk_buff *pp;

	struct sock *sk;



	if (unlikely(!uh))

		goto flush;
@@ -523,7 +533,10 @@ struct sk_buff *udp4_gro_receive(struct list_head *head, struct sk_buff *skb) 
skip:

	NAPI_GRO_CB(skb)->is_ipv6 = 0;

	rcu_read_lock();

	sk = static_branch_unlikely(&udp_encap_needed_key) ? udp4_lib_lookup_skb(skb, uh->source, uh->dest) : NULL;



	if (static_branch_unlikely(&udp_encap_needed_key))

		sk = udp4_gro_lookup_skb(skb, uh->source, uh->dest);



	pp = udp_gro_receive(head, skb, uh, sk);

	rcu_read_unlock();

	return pp;

net/ipv6/udp_offload.c

+15 −2
Original line number Diff line number Diff line
@@ -111,12 +111,22 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_buff *skb, 
	return segs;

}



static struct sock *udp6_gro_lookup_skb(struct sk_buff *skb, __be16 sport,

					__be16 dport)

{

	const struct ipv6hdr *iph = skb_gro_network_header(skb);



	return __udp6_lib_lookup(dev_net(skb->dev), &iph->saddr, sport,

				 &iph->daddr, dport, inet6_iif(skb),

				 inet6_sdif(skb), &udp_table, NULL);

}



INDIRECT_CALLABLE_SCOPE

struct sk_buff *udp6_gro_receive(struct list_head *head, struct sk_buff *skb)

{

	struct udphdr *uh = udp_gro_udphdr(skb);

	struct sock *sk = NULL;

	struct sk_buff *pp;

	struct sock *sk;



	if (unlikely(!uh))

		goto flush;
@@ -135,7 +145,10 @@ struct sk_buff *udp6_gro_receive(struct list_head *head, struct sk_buff *skb) 
skip:

	NAPI_GRO_CB(skb)->is_ipv6 = 1;

	rcu_read_lock();

	sk = static_branch_unlikely(&udpv6_encap_needed_key) ? udp6_lib_lookup_skb(skb, uh->source, uh->dest) : NULL;



	if (static_branch_unlikely(&udpv6_encap_needed_key))

		sk = udp6_gro_lookup_skb(skb, uh->source, uh->dest);



	pp = udp_gro_receive(head, skb, uh, sk);

	rcu_read_unlock();

	return pp;