[PATCH 4.1 06/45] packet: infer protocol from ethernet header if unset

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Eric Dumazet <edumazet@google.com>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Willem de Bruijn <willemb@google.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.1 06/45] packet: infer protocol from ethernet header if unset
Date: Sat, 12 Dec 2015 11:33:01 -0800	[thread overview]
Message-ID: <20151212193324.302189615@linuxfoundation.org> (raw)
In-Reply-To: <20151212193323.965395988@linuxfoundation.org>

4.1-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit c72219b75fde768efccf7666342282fab7f9e4e7 ]

In case no struct sockaddr_ll has been passed to packet
socket's sendmsg() when doing a TX_RING flush run, then
skb->protocol is set to po->num instead, which is the protocol
passed via socket(2)/bind(2).

Applications only xmitting can go the path of allocating the
socket as socket(PF_PACKET, <mode>, 0) and do a bind(2) on the
TX_RING with sll_protocol of 0. That way, register_prot_hook()
is neither called on creation nor on bind time, which saves
cycles when there's no interest in capturing anyway.

That leaves us however with po->num 0 instead and therefore
the TX_RING flush run sets skb->protocol to 0 as well. Eric
reported that this leads to problems when using tools like
trafgen over bonding device. I.e. the bonding's hash function
could invoke the kernel's flow dissector, which depends on
skb->protocol being properly set. In the current situation, all
the traffic is then directed to a single slave.

Fix it up by inferring skb->protocol from the Ethernet header
when not set and we have ARPHRD_ETHER device type. This is only
done in case of SOCK_RAW and where we have a dev->hard_header_len
length. In case of ARPHRD_ETHER devices, this is guaranteed to
cover ETH_HLEN, and therefore being accessed on the skb after
the skb_store_bits().

Reported-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/packet/af_packet.c |   11 +++++++++++
 1 file changed, 11 insertions(+)

--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2121,6 +2121,15 @@ static bool ll_header_truncated(const st
 	return false;
 }

+static void tpacket_set_protocol(const struct net_device *dev,
+				 struct sk_buff *skb)
+{
+	if (dev->type == ARPHRD_ETHER) {
+		skb_reset_mac_header(skb);
+		skb->protocol = eth_hdr(skb)->h_proto;
+	}
+}
+
 static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb,
 		void *frame, struct net_device *dev, int size_max,
 		__be16 proto, unsigned char *addr, int hlen)
@@ -2202,6 +2211,8 @@ static int tpacket_fill_skb(struct packe
 				dev->hard_header_len);
 		if (unlikely(err))
 			return err;
+		if (!skb->protocol)
+			tpacket_set_protocol(dev, skb);

 		data += dev->hard_header_len;
 		to_write -= dev->hard_header_len;

next prev parent reply	other threads:[~2015-12-12 19:41 UTC|newest]

Thread overview: 48+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-12 19:32 [PATCH 4.1 00/45] 4.1.15-stable review Greg Kroah-Hartman
2015-12-12 19:32 ` [PATCH 4.1 01/45] unix: avoid use-after-free in ep_remove_wait_queue Greg Kroah-Hartman
2015-12-12 19:32 ` [PATCH 4.1 02/45] tools/net: Use include/uapi with __EXPORTED_HEADERS__ Greg Kroah-Hartman
2015-12-12 19:32 ` [PATCH 4.1 03/45] packet: do skb_probe_transport_header when we actually have data Greg Kroah-Hartman
2015-12-12 19:32 ` [PATCH 4.1 04/45] packet: always probe for transport header Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 05/45] packet: only allow extra vlan len on ethernet devices Greg Kroah-Hartman
2015-12-12 19:33 ` Greg Kroah-Hartman [this message]
2015-12-12 19:33 ` [PATCH 4.1 07/45] packet: fix tpacket_snd max frame len Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 08/45] sctp: translate host order to network order when setting a hmacid Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 09/45] ip_tunnel: disable preemption when updating per-cpu tstats Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 10/45] snmp: Remove duplicate OUTMCAST stat increment Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 12/45] tcp: md5: fix lockdep annotation Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 13/45] tcp: disable Fast Open on timeouts after handshake Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 14/45] tcp: fix potential huge kmalloc() calls in TCP_REPAIR Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 15/45] tcp: initialize tp->copied_seq in case of cross SYN connection Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 16/45] net, scm: fix PaX detected msg_controllen overflow in scm_detach_fds Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 17/45] net: ipmr: fix static mfc/dev leaks on table destruction Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 18/45] net: ip6mr: " Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 19/45] broadcom: fix PHY_ID_BCM5481 entry in the id table Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 20/45] ipv6: distinguish frag queues by device for multicast and link-local packets Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 21/45] RDS: fix race condition when sending a message on unbound socket Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 22/45] bpf, array: fix heap out-of-bounds access when updating elements Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 23/45] ipv6: add complete rcu protection around np->opt Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 24/45] net/neighbour: fix crash at dumping device-agnostic proxy entries Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 25/45] ipv6: sctp: implement sctp_v6_destroy_sock() Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 26/45] net_sched: fix qdisc_tree_decrease_qlen() races Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 27/45] btrfs: check unsupported filters in balance arguments Greg Kroah-Hartman
2015-12-12 22:22   ` Holger Hoffstätte
2015-12-12 19:33 ` [PATCH 4.1 28/45] Btrfs: fix file corruption and data loss after cloning inline extents Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 29/45] Btrfs: fix truncation of compressed and inlined extents Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 30/45] Btrfs: fix race leading to incorrect item deletion when dropping extents Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 31/45] Btrfs: fix race leading to BUG_ON when running delalloc for nodatacow Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 32/45] Btrfs: fix race when listing an inodes xattrs Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 33/45] rbd: dont put snap_context twice in rbd_queue_workfn() Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 34/45] ext4 crypto: fix memory leak in ext4_bio_write_page() Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 35/45] ext4: fix potential use after free in __ext4_journal_stop Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 36/45] ext4, jbd2: ensure entering into panic after recording an error in superblock Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 37/45] firewire: ohci: fix JMicron JMB38x IT context discovery Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 38/45] nfsd: serialize state seqid morphing operations Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 39/45] nfsd: eliminate sending duplicate and repeated delegations Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 40/45] debugfs: fix refcount imbalance in start_creating Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 41/45] nfs4: start callback_ident at idr 1 Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 42/45] nfs: if we have no valid attrs, then dont declare the attribute cache valid Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 43/45] ocfs2: fix umask ignored issue Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 44/45] ceph: fix message length computation Greg Kroah-Hartman
2015-12-12 19:33 ` [PATCH 4.1 45/45] ALSA: hda/hdmi - apply Skylake fix-ups to Broxton display codec Greg Kroah-Hartman
2015-12-13  3:04 ` [PATCH 4.1 00/45] 4.1.15-stable review Shuah Khan
2015-12-13 15:58 ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151212193324.302189615@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=willemb@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.