From: Willem de Bruijn willemb@google.com
mainline inclusion from mainline-v6.11-rc1 commit dd89a81d850fa9a65f67b4527c0e420d15bf836c category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAMMLZ CVE: CVE-2024-44940
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler.
Such a packet is easily constructed. Syzbot generates them and sets off this warning.
Remove the warning as it is expected and not actionable.
The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks").
Signed-off-by: Willem de Bruijn willemb@google.com Reviewed-by: Eric Dumazet edumazet@google.com Link: https://lore.kernel.org/r/20240614122552.1649044-1-willemdebruijn.kernel@gma... Signed-off-by: Jakub Kicinski kuba@kernel.org
Conflicts: net/ipv4/fou.c net/ipv4/fou_core.c [The file where the code is located is changed due to refactoring] Signed-off-by: ZhangPeng zhangpeng362@huawei.com --- net/ipv4/fou.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c index e5f69b0bf3df..3b777457ad5b 100644 --- a/net/ipv4/fou.c +++ b/net/ipv4/fou.c @@ -441,7 +441,7 @@ static struct sk_buff *gue_gro_receive(struct sock *sk, rcu_read_lock(); offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads; ops = rcu_dereference(offloads[proto]); - if (WARN_ON_ONCE(!ops || !ops->callbacks.gro_receive)) + if (!ops || !ops->callbacks.gro_receive) goto out_unlock;
pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);