From ae0570932d23fe8818c81af7878eceb2e4ecbfbe Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Mon, 21 Jan 2013 14:29:15 -0800 Subject: [PATCH] datapath: Avoid null deref when GSO is for verifying header integrity only. skb_gso_segment() has the following comment: * It may return NULL if the skb requires no segmentation. This is * only possible when GSO is used for verifying header integrity. Somehow queue_gso_packets() has never hit this case before, but some failures have suddenly been reported. This commit should fix the problem. Additional commentary by Jesse: We shouldn't normally be hitting this case because we're actually trying to do GSO, not header validation. However, I guess the guest/backend must be generating a packet with an MSS, which tricks us into thinking that it's GSO, but no GSO is actually requested. In the case of the bridge, header validation does take place so the situation is handled already. It seems not ideal that the network backend doesn't sanitize these packets but it's probably good that we handle it in any case. Bug #14772. Reported-by: Deepesh Govindan Signed-off-by: Ben Pfaff Acked-by: Jesse Gross --- datapath/datapath.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/datapath/datapath.c b/datapath/datapath.c index 4aeae5d47..7b213d0ed 100644 --- a/datapath/datapath.c +++ b/datapath/datapath.c @@ -413,6 +413,8 @@ static int queue_gso_packets(struct net *net, int dp_ifindex, segs = skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM); if (IS_ERR(segs)) return PTR_ERR(segs); + if (!segs) + return queue_userspace_packet(net, dp_ifindex, skb, upcall_info); /* Queue all of the segments. */ skb = segs; -- 2.20.1
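Review bot: The new `if (!segs)` branch in queue_gso_packets() has no in-code comment, so the reason a NULL return from skb_gso_segment() is legitimate is recorded only in the commit message. A short comment above the check would help, for example `/* skb_gso_segment() returns NULL if the skb requires no segmentation. */`. The comment would make it clear that falling back to `queue_userspace_packet(net, dp_ifindex, skb, upcall_info)` with the original skb is deliberate. The ordering after the `IS_ERR(segs)` test is fine, since IS_ERR() is false for NULL. The commit message says this path should not normally be reached because it implies a packet that carries an MSS without GSO actually being requested. It may therefore be worth considering a rate-limited debug message or counter in this branch, so that unsanitized packets from the backend remain visible rather than being absorbed silently.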