On 7/26/24 15:52, Willem de Bruijn wrote:
On Fri, Jul 26, 2024 at 4:23 AM Paolo Abeni pabeni@redhat.com wrote:
On 7/26/24 04:32, Willem de Bruijn wrot> @@ -182,6 +171,11 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb,
if (gso_type != SKB_GSO_UDP_L4) return -EINVAL; break;
case SKB_GSO_TCPV4:case SKB_GSO_TCPV6:I think we need to add here an additional check:
if (!(hdr->flags & VIRTIO_NET_HDR_F_NEEDS_CSUM)) return -EINVAL;Historically this interface has been able to request VIRTIO_NET_HDR_GSO_* without VIRTIO_NET_HDR_F_NEEDS_CSUM.
I see. I looked at the SKB_GSO_UDP_L4 case, but I did not dig into history.
I would love to clamp down on this, as those packets are essentially illegal. But we should probably leave that discussion for a separate patch?
Yep, I guess we have to keep the two discussion separate.
As a consequence, I'm fine with the current checks (with Eric's suggested changes).
Thanks,
Paolo