public inbox for linux-kernel@vger.kernel.org
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alexander Sverdlin <alexander.sverdlin@nokia.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 30/37] macvlan: Skip loopback packets in RX handler
Date: Mon,  8 Jun 2020 19:27:42 -0400
Message-ID: <20200608232750.3370747-30-sashal@kernel.org>
In-Reply-To: <20200608232750.3370747-1-sashal@kernel.org>

From: Alexander Sverdlin <alexander.sverdlin@nokia.com>

[ Upstream commit 81f3dc9349ce0bf7b8447f147f45e70f0a5b36a6 ]

Ignore loopback-originating packets soon enough and don't try to process L2
header where it doesn't exist. The very similar br_handle_frame() in bridge
code performs exactly the same check.

This is an example of such an ICMPv6 packet:

skb len=96 headroom=40 headlen=96 tailroom=56
mac=(40,0) net=(40,40) trans=80
shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0))
csum(0xae2e9a2f ip_summed=1 complete_sw=0 valid=0 level=0)
hash(0xc97ebd88 sw=1 l4=1) proto=0x86dd pkttype=5 iif=24
dev name=etha01.212 feat=0x0x0000000040005000
skb headroom: 00000000: 00 7c 86 52 84 88 ff ff 00 00 00 00 00 00 08 00
skb headroom: 00000010: 45 00 00 9e 5d 5c 40 00 40 11 33 33 00 00 00 01
skb headroom: 00000020: 02 40 43 80 00 00 86 dd
skb linear:   00000000: 60 09 88 bd 00 38 3a ff fe 80 00 00 00 00 00 00
skb linear:   00000010: 00 40 43 ff fe 80 00 00 ff 02 00 00 00 00 00 00
skb linear:   00000020: 00 00 00 00 00 00 00 01 86 00 61 00 40 00 00 2d
skb linear:   00000030: 00 00 00 00 00 00 00 00 03 04 40 e0 00 00 01 2c
skb linear:   00000040: 00 00 00 78 00 00 00 00 fd 5f 42 68 23 87 a8 81
skb linear:   00000050: 00 00 00 00 00 00 00 00 01 01 02 40 43 80 00 00
skb tailroom: 00000000: ...
skb tailroom: 00000010: ...
skb tailroom: 00000020: ...
skb tailroom: 00000030: ...

Call Trace, how it happens exactly:
 ...
 macvlan_handle_frame+0x321/0x425 [macvlan]
 ? macvlan_forward_source+0x110/0x110 [macvlan]
 __netif_receive_skb_core+0x545/0xda0
 ? enqueue_task_fair+0xe5/0x8e0
 ? __netif_receive_skb_one_core+0x36/0x70
 __netif_receive_skb_one_core+0x36/0x70
 process_backlog+0x97/0x140
 net_rx_action+0x1eb/0x350
 ? __hrtimer_run_queues+0x136/0x2e0
 __do_softirq+0xe3/0x383
 do_softirq_own_stack+0x2a/0x40
 </IRQ>
 do_softirq.part.4+0x4e/0x50
 netif_rx_ni+0x60/0xd0
 dev_loopback_xmit+0x83/0xf0
 ip6_finish_output2+0x575/0x590 [ipv6]
 ? ip6_cork_release.isra.1+0x64/0x90 [ipv6]
 ? __ip6_make_skb+0x38d/0x680 [ipv6]
 ? ip6_output+0x6c/0x140 [ipv6]
 ip6_output+0x6c/0x140 [ipv6]
 ip6_send_skb+0x1e/0x60 [ipv6]
 rawv6_sendmsg+0xc4b/0xe10 [ipv6]
 ? proc_put_long+0xd0/0xd0
 ? rw_copy_check_uvector+0x4e/0x110
 ? sock_sendmsg+0x36/0x40
 sock_sendmsg+0x36/0x40
 ___sys_sendmsg+0x2b6/0x2d0
 ? proc_dointvec+0x23/0x30
 ? addrconf_sysctl_forward+0x8d/0x250 [ipv6]
 ? dev_forward_change+0x130/0x130 [ipv6]
 ? _raw_spin_unlock+0x12/0x30
 ? proc_sys_call_handler.isra.14+0x9f/0x110
 ? __call_rcu+0x213/0x510
 ? get_max_files+0x10/0x10
 ? trace_hardirqs_on+0x2c/0xe0
 ? __sys_sendmsg+0x63/0xa0
 __sys_sendmsg+0x63/0xa0
 do_syscall_64+0x6c/0x1e0
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/macvlan.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 0c4e1ef80355..73061bee35cd 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -420,6 +420,10 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb)
 	int ret;
 	rx_handler_result_t handle_res;
 
+	/* Packets from dev_loopback_xmit() do not have L2 header, bail out */
+	if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
+		return RX_HANDLER_PASS;
+
 	port = macvlan_port_get_rcu(skb->dev);
 	if (is_multicast_ether_addr(eth->h_dest)) {
 		skb = ip_check_defrag(dev_net(skb->dev), skb, IP_DEFRAG_MACVLAN);
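
Review bot: The new PACKET_LOOPBACK check is placed ahead of is_multicast_ether_addr(eth->h_dest), the first dereference of eth visible in this hunk, but eth itself is assigned in the declarations above the hunk; please confirm that initialisation only computes a pointer and reads nothing through it, otherwise the bail-out comes too late. The code comment would also help future readers more if it said why RX_HANDLER_PASS is the right result (the skb carries on up the stack as if macvlan had no handler registered) and pointed at br_handle_frame(), which the commit message says does the same check. The dump in the commit message is consistent with the condition: pkttype=5 and mac=(40,0), so the MAC header length is zero and any read of h_dest would land in unrelated headroom bytes.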
-- 
2.25.1

