www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Jesse Gross <jesse@kernel.org>
	Sat, 19 Mar 2016 16:32:01 +0000 (09:32 -0700)
committer	Chuck Anderson <chuck.anderson@oracle.com>
	Mon, 12 Dec 2016 04:49:40 +0000 (20:49 -0800)
commit	b9536a9dec7e739919a8ec4ed7fec3123762dbe2
tree	ea8a843c8bf24964082e326e4237e8831f742948	tree
parent	bb01c0a5b8e204615750a6fdb6feadff4b610c2e	commit \| diff

tunnels: Don't apply GRO to multiple layers of encapsulation.

Orabug: 24842686
CVE: CVE-2016-8666

When drivers express support for TSO of encapsulated packets, they
only mean that they can do it for one layer of encapsulation.
Supporting additional levels would mean updating, at a minimum,
more IP length fields and they are unaware of this.

No encapsulation device expresses support for handling offloaded
encapsulated packets, so we won't generate these types of frames
in the transmit path. However, GRO doesn't have a check for
multiple levels of encapsulation and will attempt to build them.

UDP tunnel GRO actually does prevent this situation but it only
handles multiple UDP tunnels stacked on top of each other. This
generalizes that solution to prevent any kind of tunnel stacking
that would cause problems.

Fixes: bf5a755f ("net-gre-gro: Add GRE support to the GRO stack")
Signed-off-by: Jesse Gross <jesse@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit fac8e0f579695a3ecbc4d3cac369139d7f819971)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
Conflicts:
net/ipv4/af_inet.c
net/ipv6/ip6_offload.c

include/linux/netdevice.h		diff \| blob \| history
net/core/dev.c		diff \| blob \| history
net/ipv4/af_inet.c		diff \| blob \| history
net/ipv4/gre_offload.c		diff \| blob \| history
net/ipv4/udp_offload.c		diff \| blob \| history