diff --git a/net/core/dev.c b/net/core/dev.c index 3721fbb..01241fc 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1935,6 +1935,23 @@ static inline int skb_needs_linearize(struct sk_buff *skb, illegal_highdma(dev, skb)))); } +static int skb_csum_start_bug(struct sk_buff *skb, int pos) +{ + + if (skb->ip_summed == CHECKSUM_PARTIAL) { + long csstart; + + csstart = skb->csum_start - skb_headroom(skb); + if (WARN_ON(csstart > skb_headlen(skb))) { + pr_warning("%d: csum_start %d, headroom %d, headlen %d\n", + pos, skb->csum_start, skb_headroom(skb), + skb_headlen(skb)); + return 1; + } + } + return 0; +} + int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev, struct netdev_queue *txq) { @@ -1959,11 +1976,15 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev, goto out_kfree_skb; if (skb->next) goto gso; + if (skb_csum_start_bug(skb, 10)) + goto out_kfree_skb; } else { if (skb_needs_linearize(skb, dev) && __skb_linearize(skb)) goto out_kfree_skb; + if (skb_csum_start_bug(skb, 20)) + goto out_kfree_skb; /* If packet is not checksummed and device does not * support checksumming for this protocol, complete * checksumming here. @@ -1974,10 +1995,16 @@ int dev_hard_start_xmit(struct sk_buff *skb, struct net_device *dev, if (!dev_can_checksum(dev, skb) && skb_checksum_help(skb)) goto out_kfree_skb; + if (skb_csum_start_bug(skb, 30)) + goto out_kfree_skb; } } - rc = ops->ndo_start_xmit(skb, dev); + if (skb_csum_start_bug(skb, 40)) { + kfree_skb(skb); + rc = NETDEV_TX_OK; + } else + rc = ops->ndo_start_xmit(skb, dev); if (rc == NETDEV_TX_OK) txq_trans_update(txq); return rc; @@ -1997,7 +2024,12 @@ gso: if (dev->priv_flags & IFF_XMIT_DST_RELEASE) skb_dst_drop(nskb); - rc = ops->ndo_start_xmit(nskb, dev); + if (skb_csum_start_bug(skb, 50)) { + kfree_skb(skb); + rc = NETDEV_TX_OK; + } else + rc = ops->ndo_start_xmit(nskb, dev); + if (unlikely(rc != NETDEV_TX_OK)) { if (rc & ~NETDEV_TX_MASK) goto out_kfree_gso_skb;