Unverified Commit 83f8fd18 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!10057 udp: do not accept non-tunnel GSO skbs landing in a tunnel 

Merge Pull Request from: @ci-robot 
 
PR sync from: Wang Hai <wanghai38@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/WZKD3LVVG63YXYI5MWQZ5FN6B57ZSUIM/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9QG8X 
 
Link:https://gitee.com/openeuler/kernel/pulls/10057

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parents 43e1b619 6f193331

include/linux/udp.h

+28 −0
Original line number Diff line number Diff line
@@ -131,6 +131,24 @@ static inline void udp_cmsg_recv(struct msghdr *msg, struct sock *sk, 
	}

}



DECLARE_STATIC_KEY_FALSE(udp_encap_needed_key);

#if IS_ENABLED(CONFIG_IPV6)

DECLARE_STATIC_KEY_FALSE(udpv6_encap_needed_key);

#endif



static inline bool udp_encap_needed(void)

{

	if (static_branch_unlikely(&udp_encap_needed_key))

		return true;



#if IS_ENABLED(CONFIG_IPV6)

	if (static_branch_unlikely(&udpv6_encap_needed_key))

		return true;

#endif



	return false;

}



static inline bool udp_unexpected_gso(struct sock *sk, struct sk_buff *skb)

{

	if (!skb_is_gso(skb))
@@ -142,6 +160,16 @@ static inline bool udp_unexpected_gso(struct sock *sk, struct sk_buff *skb) 
	if (skb_shinfo(skb)->gso_type & SKB_GSO_FRAGLIST && !udp_sk(sk)->accept_udp_fraglist)

		return true;



	/* GSO packets lacking the SKB_GSO_UDP_TUNNEL/_CSUM bits might still

	 * land in a tunnel as the socket check in udp_gro_receive cannot be

	 * foolproof.

	 */

	if (udp_encap_needed() &&

	    READ_ONCE(udp_sk(sk)->encap_rcv) &&

	    !(skb_shinfo(skb)->gso_type &

	      (SKB_GSO_UDP_TUNNEL | SKB_GSO_UDP_TUNNEL_CSUM)))

		return true;



	return false;

}

net/ipv4/udp.c

+7 −0
Original line number Diff line number Diff line
@@ -602,6 +602,13 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk, 
}



DEFINE_STATIC_KEY_FALSE(udp_encap_needed_key);

EXPORT_SYMBOL(udp_encap_needed_key);



#if IS_ENABLED(CONFIG_IPV6)

DEFINE_STATIC_KEY_FALSE(udpv6_encap_needed_key);

EXPORT_SYMBOL(udpv6_encap_needed_key);

#endif



void udp_encap_enable(void)

{

	static_branch_inc(&udp_encap_needed_key);

net/ipv4/udp_offload.c

+4 −2
Original line number Diff line number Diff line
@@ -512,8 +512,10 @@ struct sk_buff *udp_gro_receive(struct list_head *head, struct sk_buff *skb, 
	unsigned int off = skb_gro_offset(skb);

	int flush = 1;



	/* we can do L4 aggregation only if the packet can't land in a tunnel

	 * otherwise we could corrupt the inner stream

	/* We can do L4 aggregation only if the packet can't land in a tunnel

	 * otherwise we could corrupt the inner stream. Detecting such packets

	 * cannot be foolproof and the aggregation might still happen in some

	 * cases. Such packets should be caught in udp_unexpected_gso later.

	 */

	NAPI_GRO_CB(skb)->is_flist = 0;

	if (!sk || !udp_sk(sk)->gro_receive) {

net/ipv6/udp.c

+1 −1
Original line number Diff line number Diff line
@@ -473,7 +473,7 @@ int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, 
	goto try_again;

}



DEFINE_STATIC_KEY_FALSE(udpv6_encap_needed_key);

DECLARE_STATIC_KEY_FALSE(udpv6_encap_needed_key);

void udpv6_encap_enable(void)

{

	static_branch_inc(&udpv6_encap_needed_key);