[v2] net: fix segmentation of forwarding fraglist GRO
Jakub Kicinski
kuba at kernel.org
Wed Jan 14 19:20:30 PST 2026
This is an AI-generated review of your patch. The human sending this
email has considered the AI review valid, or at least pausible.
For local reproduction steps see https://netdev-ai.bots.linux.dev/ai-local.html
---
net: fix segmentation of forwarding fraglist GRO
This patch adds checks for frag_list presence and protocol consistency
when handling SKB_GSO_FRAGLIST packets in GSO segmentation. This ensures
XLAT-converted packets fall back to skb_segment instead of skb_segment_list.
> diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c
> index fdda18b1abda..6c2c10f37f87 100644
> --- a/net/ipv4/tcp_offload.c
> +++ b/net/ipv4/tcp_offload.c
> @@ -107,7 +107,9 @@ static struct sk_buff *tcp4_gso_segment(struct sk_buff *skb,
> if (skb_shinfo(skb)->gso_type & SKB_GSO_FRAGLIST) {
> struct tcphdr *th = tcp_hdr(skb);
>
> - if (skb_pagelen(skb) - th->doff * 4 == skb_shinfo(skb)->gso_size)
> + if ((skb_pagelen(skb) - th->doff * 4 == skb_shinfo(skb)->gso_size) &&
> + skb_has_frag_list(skb) &&
> + (skb->protocol == skb_shinfo(skb)->frag_list->protocol))
> return __tcp4_gso_segment_list(skb, features);
Should tcp6_gso_segment() in net/ipv6/tcpv6_offload.c receive the same
treatment? Looking at that function, it has the identical pattern before
this patch:
if (skb_shinfo(skb)->gso_type & SKB_GSO_FRAGLIST) {
struct tcphdr *th = tcp_hdr(skb);
if (skb_pagelen(skb) - th->doff * 4 == skb_shinfo(skb)->gso_size)
return __tcp6_gso_segment_list(skb, features);
skb->ip_summed = CHECKSUM_NONE;
}
If an IPv4 packet is GRO-aggregated with fraglist and then converted by
XLAT to IPv6, the same protocol mismatch could occur when it reaches
tcp6_gso_segment(). Paolo raised this point in the v1 review:
https://lore.kernel.org/all/aab6c515-12e4-48ca-8220-c0797dae781f@redhat.com/
[ ... ]
--
pw-bot: cr
More information about the linux-arm-kernel
mailing list