From: Paolo Abeni pabeni@redhat.com
mainline inclusion from mainline-v5.14-rc2 commit b43c8909be52f2baca8884f967b418a88424494a category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I94JZ0 CVE: CVE-2021-47036
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
If an UDP packet enters the GRO engine but is not eligible for aggregation and is not targeting an UDP tunnel, udp_gro_receive() will not set the flush bit, and packet could delayed till the next napi flush.
Fix the issue ensuring non GROed packets traverse skb_gro_flush_final().
Reported-and-tested-by: Matthias Treydte mt@waldheinz.de Fixes: 18f25dc39990 ("udp: skip L4 aggregation for UDP tunnel packets") Signed-off-by: Paolo Abeni pabeni@redhat.com Signed-off-by: David S. Miller davem@davemloft.net
Conflicts: net/ipv4/udp_offload.c
Signed-off-by: Zhengchao Shao shaozhengchao@huawei.com --- net/ipv4/udp_offload.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index dc98acf26d1f..0cdd356866ec 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -521,8 +521,10 @@ struct sk_buff *udp_gro_receive(struct list_head *head, struct sk_buff *skb, NAPI_GRO_CB(skb)->is_flist = sk ? !udp_sk(sk)->gro_enabled : 1;
if ((sk && udp_sk(sk)->gro_enabled) || NAPI_GRO_CB(skb)->is_flist) - pp = call_gro_receive(udp_gro_receive_segment, head, skb); - return pp; + return call_gro_receive(udp_gro_receive_segment, head, skb); + + /* no GRO, be sure flush the current packet */ + goto out; }
if (NAPI_GRO_CB(skb)->encap_mark ||