Re: [PATCH net] xfrm: Preserve vlan tags for transport mode software GRO

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sabrina Dubroca <sd@queasysnail.net>
To: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Paul Davey <paul.davey@alliedtelesis.co.nz>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	netdev@vger.kernel.org
Subject: Re: [PATCH net] xfrm: Preserve vlan tags for transport mode software GRO
Date: Mon, 22 Apr 2024 14:49:44 +0200	[thread overview]
Message-ID: <ZiZc6ApkxivqaILg@hog> (raw)
In-Reply-To: <ZiY0Of0QuDOCPXHg@gauss3.secunet.de>

2024-04-22, 11:56:09 +0200, Steffen Klassert wrote:
> On Mon, Apr 22, 2024 at 02:56:20PM +1200, Paul Davey wrote:
> > The software GRO path for esp transport mode uses skb_mac_header_rebuild
> > prior to re-injecting the packet via the xfrm_napi_dev.  This only
> > copies skb->mac_len bytes of header which may not be sufficient if the
> > packet contains 802.1Q tags or other VLAN tags.  Worse copying only the
> > initial header will leave a packet marked as being VLAN tagged but
> > without the corresponding tag leading to mangling when it is later
> > untagged.
> > 
> > The VLAN tags are important when receiving the decrypted esp transport
> > mode packet after GRO processing to ensure it is received on the correct
> > interface.
> > 
> > Therefore record the full mac header length in xfrm*_transport_input for
> > later use in correpsonding xfrm*_transport_finish to copy the entire mac
> > header when rebuilding the mac header for GRO.  The skb->data pointer is
> > left pointing skb->mac_header bytes after the start of the mac header as
> > is expected by the network stack and network and transport header
> > offsets reset to this location.
> > 
> > Signed-off-by: Paul Davey <paul.davey@alliedtelesis.co.nz>
> 
> Please add a 'Fixes:' tag so it can be backported to stable.
> 
> > diff --git a/include/net/xfrm.h b/include/net/xfrm.h
> > index 57c743b7e4fe..0331cfecb28b 100644
> > --- a/include/net/xfrm.h
> > +++ b/include/net/xfrm.h
> > @@ -675,6 +675,9 @@ struct xfrm_mode_skb_cb {
> >  
> >  	/* Used by IPv6 only, zero for IPv4. */
> >  	u8 flow_lbl[3];
> > +
> > +	/* Used to keep whole l2 header for transport mode GRO */
> > +	u32 orig_mac_len;
> 
> xfrm_mode_skb_cb has already reached the maximum size of 48 bytes.
> Adding more will overwrite data in the 'struct sk_buff'.

I thought we already had a BUILD_BUG_ON(sizeof(struct
xfrm_mode_skb_cb) > sizeof_field(struct sk_buff, cb)) somewhere, but
apparently not. I guess it's time to add one? (and xfrm_spi_skb_cb, xfrm_skb_cb)

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 161f535c8b94..afc8b3c881e2 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -793,6 +793,8 @@ void __init xfrm_input_init(void)
 	int err;
 	int i;
 
+	BUILD_BUG_ON(sizeof(struct xfrm_mode_skb_cb) > sizeof_field(struct sk_buff, cb));
+
 	init_dummy_netdev(&xfrm_napi_dev);
 	err = gro_cells_init(&gro_cells, &xfrm_napi_dev);
 	if (err)


Actually it looks like we still have 4B in xfrm_mode_skb_cb:

struct xfrm_mode_skb_cb {
	struct xfrm_tunnel_skb_cb  header;               /*     0    32 */
	__be16                     id;                   /*    32     2 */
	__be16                     frag_off;             /*    34     2 */
	u8                         ihl;                  /*    36     1 */
	u8                         tos;                  /*    37     1 */
	u8                         ttl;                  /*    38     1 */
	u8                         protocol;             /*    39     1 */
	u8                         optlen;               /*    40     1 */
	u8                         flow_lbl[3];          /*    41     3 */

	/* size: 48, cachelines: 1, members: 9 */
	/* padding: 4 */
	/* last cacheline: 48 bytes */
};

flow_lbl ends at 44, so adding orig_mac_len should be fine. I don't
see any config options that would increase the size of
xfrm_mode_skb_cb compared to what I already have.

-- 
Sabrina

next prev parent reply	other threads:[~2024-04-22 12:49 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-22  2:56 [PATCH net] xfrm: Preserve vlan tags for transport mode software GRO Paul Davey
2024-04-22  9:56 ` Steffen Klassert
2024-04-22 12:49   ` Sabrina Dubroca [this message]
2024-04-22 16:11     ` Steffen Klassert

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:161f535c8b9 dfblob:afc8b3c881e )
 OR (
bs:"Re: [PATCH net] xfrm: Preserve vlan tags for transport mode software GRO" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZiZc6ApkxivqaILg@hog \
    --to=sd@queasysnail.net \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=netdev@vger.kernel.org \
    --cc=paul.davey@alliedtelesis.co.nz \
    --cc=steffen.klassert@secunet.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.