Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it.
Fix this by preventing the xmit of unreadable skbs.
Tested by configuring tc redirect:
sudo tc qdisc add dev eth1 ingress sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto \ tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1
Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs.
After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs.
Fixes: 65249feb6b3d ("net: add support for skbs with unreadable frags") Suggested-by: Jakub Kicinski kuba@kernel.org Cc: stable@vger.kernel.org Signed-off-by: Mina Almasry almasrymina@google.com
---
v2: https://lore.kernel.org/netdev/20250305191153.6d899a00@kernel.org/
- Put unreadable check at the top (Jakub) --- net/core/dev.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/net/core/dev.c b/net/core/dev.c index 30da277c5a6f..2f7f5fd9ffec 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -3872,6 +3872,9 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device { netdev_features_t features;
+ if (!skb_frags_readable(skb)) + goto out_kfree_skb; + features = netif_skb_features(skb); skb = validate_xmit_vlan(skb, features); if (unlikely(!skb))
base-commit: f315296c92fd4b7716bdea17f727ab431891dc3b