[ovs-dev] [PATCH] datapath: Avoid null deref when GSO is for verifying header integrity only.

Ben Pfaff blp at nicira.com
Mon Jan 21 18:11:49 UTC 2013

skb_gso_segment() has the following comment:

 *    It may return NULL if the skb requires no segmentation.  This is
 *    only possible when GSO is used for verifying header integrity.

Somehow queue_gso_packets() has never hit this case before, but some
failures have suddenly been reported.  This commit should fix the problem.

Bug #14772.
Reported-by: Deepesh Govindan <dgovindan at vmware.com>.
Signed-off-by: Ben Pfaff <blp at nicira.com>
---
I don't know how to trigger this condition, so I haven't tested this
patch beyond verifying that it compiles against the Linux 3.2 kernel
on which the problem was reported.  The patch was generated against
branch-1.7 because that's where the problem occurred; it looks like
it should apply cleanly against master also.

 datapath/datapath.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/datapath/datapath.c b/datapath/datapath.c
index 641c812..6ae4711 100644
--- a/datapath/datapath.c
+++ b/datapath/datapath.c
@@ -414,6 +414,8 @@ static int queue_gso_packets(struct net *net, int dp_ifindex,
 	segs = skb_gso_segment(skb, NETIF_F_SG | NETIF_F_HW_CSUM);
 	if (IS_ERR(segs))
 		return PTR_ERR(segs);
+	if (!segs)
+		return queue_userspace_packet(net, dp_ifindex, skb, upcall_info);
 	/* Queue all of the segments. */
 	skb = segs;
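Review bot: the new `if (!segs)` early return carries no comment saying why a NULL result is legitimate or why queuing the original skb is the right response. A one-line comment restating the skb_gso_segment() contract (NULL means the skb required no segmentation, which is only possible when GSO is used for verifying header integrity) would stop a later reader from treating the branch as dead code or folding it into the IS_ERR() check. It is also worth confirming that queue_userspace_packet() behaves correctly for this skb, since it arrives there unsegmented from a path whose purpose is to segment first, and the posting says the branch has only been compile-tested.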
