From cefe262a25d2dcbd830c83a05e17a9d77350120d Mon Sep 17 00:00:00 2001 From: Jason Wang Date: Fri, 19 Sep 2014 16:04:38 +0800 Subject: [PATCH] net: keep original skb which only needs header checking during software GSO Commit 9be6b2c047a58fca1cffcb2996d475758e5f15ab ("net: Don't keep around original SKB when we software segment GSO frames") frees the original skb after software GSO even for dodgy gso skbs. This breaks the stream throughput from untrusted sources, since only header checking was done during software GSO instead of a true segmentation. This patch fixes this by freeing the original gso skb only when it was really segmented by software. Fixes 9be6b2c047a58fca1cffcb2996d475758e5f15ab ("net: Don't keep around original SKB when we software segment GSO frames.") Cc: David S. Miller Cc: Eric Dumazet Signed-off-by: Jason Wang Acked-by: Eric Dumazet Signed-off-by: David S. Miller --- net/core/dev.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index e916ba8caccfc..52cd71a4a3439 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -2694,10 +2694,12 @@ struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device *dev) struct sk_buff *segs; segs = skb_gso_segment(skb, features); - kfree_skb(skb); - if (IS_ERR(segs)) + if (IS_ERR(segs)) { segs = NULL; - skb = segs; + } else if (segs) { + consume_skb(skb); + skb = segs; + } } else { if (skb_needs_linearize(skb, features) && __skb_linearize(skb)) -- 2.39.5