aboutsummaryrefslogtreecommitdiffstats
path: root/net/core
diff options
context:
space:
mode:
authorBen Hutchings <bhutchings@solarflare.com>2012-07-30 15:57:00 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-10-02 09:47:04 -0700
commit7f8742aecd30470b4ae8f9bb6bd0b9b6abb93c9f (patch)
tree36584bd45da74c16b2e4df964ce449802fef1377 /net/core
parent3d2e7b3b3e876fae210e55c872df8f6750ab0fa3 (diff)
downloadkernel_samsung_crespo-7f8742aecd30470b4ae8f9bb6bd0b9b6abb93c9f.zip
kernel_samsung_crespo-7f8742aecd30470b4ae8f9bb6bd0b9b6abb93c9f.tar.gz
kernel_samsung_crespo-7f8742aecd30470b4ae8f9bb6bd0b9b6abb93c9f.tar.bz2
net: Allow driver to limit number of GSO segments per skb
[ Upstream commit 30b678d844af3305cda5953467005cebb5d7b687 ] A peer (or local user) may cause TCP to use a nominal MSS of as little as 88 (actual MSS of 76 with timestamps). Given that we have a sufficiently prodigious local sender and the peer ACKs quickly enough, it is nevertheless possible to grow the window for such a connection to the point that we will try to send just under 64K at once. This results in a single skb that expands to 861 segments. In some drivers with TSO support, such an skb will require hundreds of DMA descriptors; a substantial fraction of a TX ring or even more than a full ring. The TX queue selected for the skb may stall and trigger the TX watchdog repeatedly (since the problem skb will be retried after the TX reset). This particularly affects sfc, for which the issue is designated as CVE-2012-3412. Therefore: 1. Add the field net_device::gso_max_segs holding the device-specific limit. 2. In netif_skb_features(), if the number of segments is too high then mask out GSO features to force fall back to software GSO. Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/core')
-rw-r--r--net/core/dev.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/net/core/dev.c b/net/core/dev.c
index 8235b81..065b342 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2050,6 +2050,9 @@ u32 netif_skb_features(struct sk_buff *skb)
__be16 protocol = skb->protocol;
u32 features = skb->dev->features;
+ if (skb_shinfo(skb)->gso_segs > skb->dev->gso_max_segs)
+ features &= ~NETIF_F_GSO_MASK;
+
if (protocol == htons(ETH_P_8021Q)) {
struct vlan_ethhdr *veh = (struct vlan_ethhdr *)skb->data;
protocol = veh->h_vlan_encapsulated_proto;
@@ -5870,6 +5873,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
dev_net_set(dev, &init_net);
dev->gso_max_size = GSO_MAX_SIZE;
+ dev->gso_max_segs = GSO_MAX_SEGS;
INIT_LIST_HEAD(&dev->ethtool_ntuple_list.list);
dev->ethtool_ntuple_list.count = 0;