!4901 fix CVE-2021-47036 (df206699) · Commits · EulixOS / Software / Kernel

net/ipv4/udp_offload.c

+13 −8

Original line number	Diff line number	Diff line
		@@ -512,20 +512,25 @@ struct sk_buff udp_gro_receive(struct list_head head, struct sk_buff *skb,
		unsigned int off = skb_gro_offset(skb);
		int flush = 1;

		/* we can do L4 aggregation only if the packet can't land in a tunnel
		* otherwise we could corrupt the inner stream
		*/
		NAPI_GRO_CB(skb)->is_flist = 0;
		if (!sk \|\| !udp_sk(sk)->gro_receive) {
		if (skb->dev->features & NETIF_F_GRO_FRAGLIST)
		NAPI_GRO_CB(skb)->is_flist = sk ? !udp_sk(sk)->gro_enabled : 1;

		if ((sk && udp_sk(sk)->gro_enabled) \|\| NAPI_GRO_CB(skb)->is_flist) {
		pp = call_gro_receive(udp_gro_receive_segment, head, skb);
		return pp;
		if ((sk && udp_sk(sk)->gro_enabled) \|\| NAPI_GRO_CB(skb)->is_flist)
		return call_gro_receive(udp_gro_receive_segment, head, skb);

		/* no GRO, be sure flush the current packet */
		goto out;
		}

		if (!sk \|\| NAPI_GRO_CB(skb)->encap_mark \|\|
		if (NAPI_GRO_CB(skb)->encap_mark \|\|
		(uh->check && skb->ip_summed != CHECKSUM_PARTIAL &&
		NAPI_GRO_CB(skb)->csum_cnt == 0 &&
		!NAPI_GRO_CB(skb)->csum_valid) \|\|
		!udp_sk(sk)->gro_receive)
		!NAPI_GRO_CB(skb)->csum_valid))
		goto out;

		/* mark that this skb passed once through the tunnel gro layer */