* [PATCH net] vxlan: Pull inner IP header in vxlan_rcv().
From: Guillaume Nault @ 2024-04-30 16:50 UTC (permalink / raw)
To: David Miller, Jakub Kicinski, Paolo Abeni, Eric Dumazet
Cc: netdev, Ido Schimmel, Amit Cohen, Petr Machata,
Nikolay Aleksandrov, Jiri Benc, Breno Leitao, Stephen Hemminger
Ensure the inner IP header is part of skb's linear data before reading
its ECN bits. Otherwise we might read garbage.
One symptom is the system erroneously logging errors like
"vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".

Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
geneve_rx()") for example). So let's reuse the same code structure for
consistency. Maybe we can add a common helper in the future.

Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
---
drivers/net/vxlan/vxlan_core.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c
index c9e4e03ad214..3a9148fb1422 100644
--- a/drivers/net/vxlan/vxlan_core.c
+++ b/drivers/net/vxlan/vxlan_core.c
@@ -1674,6 +1674,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
bool raw_proto = false;
void *oiph;
__be32 vni = 0;
+ int nh;
/* Need UDP and VXLAN header to be present */
if (!pskb_may_pull(skb, VXLAN_HLEN))
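Review bot: the new local `int nh;` in vxlan_rcv() says nothing about what it holds. Later in the patch it stores `skb_network_header(skb) - skb->head`, i.e. a byte offset of the outer network header from skb->head, so a name such as `outer_nh_off` or a short trailing comment at the declaration would make that clear without reading the second hunk.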
@@ -1762,9 +1763,25 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
skb->pkt_type = PACKET_HOST;
}
- oiph = skb_network_header(skb);
+ /* Save offset of outer header relative to skb->head,
+ * because we are going to reset the network header to the inner header
+ * and might change skb->head.
+ */
+ nh = skb_network_header(skb) - skb->head;
+
skb_reset_network_header(skb);
+ if (!pskb_inet_may_pull(skb)) {
+ DEV_STATS_INC(vxlan->dev, rx_length_errors);
+ DEV_STATS_INC(vxlan->dev, rx_errors);
+ vxlan_vnifilter_count(vxlan, vni, vninode,
+ VXLAN_VNI_STATS_RX_ERRORS, 0);
+ goto drop;
+ }
+
+ /* Get the outer header. */
+ oiph = skb->head + nh;
+
if (!vxlan_ecn_decapsulate(vs, oiph, skb)) {
DEV_STATS_INC(vxlan->dev, rx_frame_errors);
DEV_STATS_INC(vxlan->dev, rx_errors);
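Review bot: the new `!pskb_inet_may_pull(skb)` drop path counts the packet under rx_length_errors, while the vxlan_ecn_decapsulate() failure right below it uses rx_frame_errors, and the changelog does not mention the new counter; a sentence in the commit message would tell operators which counter signals a truncated inner header. The `/* Get the outer header. */` comment could also say that oiph is rebuilt from `skb->head + nh` because the pull may have changed skb->head, since that ordering is what a later edit is most likely to break by moving the assignment back above the pull.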
--
2.39.2
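The pattern the patch relies on (keep the outer header as an offset from the buffer head, pull the inner header, then rebuild the pointer), as an added user-space sketch that is not part of the original thread or of the kernel source. `toy_skb`, `toy_may_pull()`, `toy_decap_ecn()` and `toy_run()` are hypothetical names, and the 70-byte packet is constructed.

```c
/* Added illustration: user-space toy model, not kernel code; names are hypothetical. */
#include <stdlib.h>
#include <string.h>
struct toy_skb {
	unsigned char *head;               /* linear area; a pull may reallocate it */
	size_t linear_len, net_off, total; /* linear bytes, header offset, packet length */
	const unsigned char *pkt;          /* whole packet, standing in for paged data */
};

/* Make `len` bytes at net_off linear. Returns 0 if the packet is too short. */
static int toy_may_pull(struct toy_skb *skb, size_t len)
{
	size_t have = skb->linear_len - skb->net_off, need = len - have;
	unsigned char *nhead;
	if (len <= have)
		return 1;
	if (need > skb->total - skb->linear_len || !(nhead = malloc(skb->linear_len + need)))
		return 0;
	memcpy(nhead, skb->head, skb->linear_len);
	memcpy(nhead + skb->linear_len, skb->pkt + skb->linear_len, need);
	free(skb->head);                   /* pointers into the old head now dangle */
	skb->head = nhead;
	skb->linear_len += need;
	return 1;
}

/* Returns (outer ECN << 2) | inner ECN, or -1 when the inner header is short. */
static int toy_decap_ecn(struct toy_skb *skb, size_t inner_off)
{
	size_t nh = skb->net_off;          /* outer header kept as an offset, not a pointer */
	skb->net_off = inner_off;
	if (!toy_may_pull(skb, 20))        /* 20 = minimal IPv4 header */
		return -1;
	const unsigned char *oiph = skb->head + nh; /* rebuilt only after the pull */
	return ((oiph[1] & 3) << 2) | (skb->head[inner_off + 1] & 3);
}

/* Constructed packet: outer TOS=CE at byte 1, inner IPv4 (ECT(0)) at byte 50; 50 <= linear <= total <= 70. */
static int toy_run(size_t linear, size_t total)
{
	unsigned char pkt[70] = { [1] = 0x03, [51] = 0x02 };
	struct toy_skb skb = { malloc(linear), linear, 0, total, pkt };
	if (!skb.head)
		return -1;
	memcpy(skb.head, pkt, linear);
	int ret = toy_decap_ecn(&skb, 50);
	free(skb.head);
	return ret;
}

int main(void) { return toy_run(50, 70) == 14 ? 0 : 1; }
```

Holding a raw pointer to the outer header across `toy_may_pull()` instead of the offset would read freed memory whenever the pull has to grow the linear area.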
* Re: [PATCH net] vxlan: Pull inner IP header in vxlan_rcv().
From: Ido Schimmel @ 2024-05-01 10:02 UTC (permalink / raw)
To: Guillaume Nault
Cc: David Miller, Jakub Kicinski, Paolo Abeni, Eric Dumazet, netdev,
Amit Cohen, Petr Machata, Nikolay Aleksandrov, Jiri Benc,
Breno Leitao, Stephen Hemminger
On Tue, Apr 30, 2024 at 06:50:13PM +0200, Guillaume Nault wrote:
> Ensure the inner IP header is part of skb's linear data before reading
> its ECN bits. Otherwise we might read garbage.
> One symptom is the system erroneously logging errors like
> "vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".
>
> Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
> commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
> geneve_rx()") for example). So let's reuse the same code structure for
> consistency. Maybe we can add a common helper in the future.
>
> Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
> Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
* Re: [PATCH net] vxlan: Pull inner IP header in vxlan_rcv().
From: Eric Dumazet @ 2024-05-01 10:10 UTC (permalink / raw)
To: Ido Schimmel
Cc: Guillaume Nault, David Miller, Jakub Kicinski, Paolo Abeni,
netdev, Amit Cohen, Petr Machata, Nikolay Aleksandrov, Jiri Benc,
Breno Leitao, Stephen Hemminger
On Wed, May 1, 2024 at 12:03 PM Ido Schimmel <idosch@nvidia.com> wrote:
>
> On Tue, Apr 30, 2024 at 06:50:13PM +0200, Guillaume Nault wrote:
> > Ensure the inner IP header is part of skb's linear data before reading
> > its ECN bits. Otherwise we might read garbage.
> > One symptom is the system erroneously logging errors like
> > "vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".
> >
> > Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
> > commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
> > geneve_rx()") for example). So let's reuse the same code structure for
> > consistency. Maybe we can add a common helper in the future.
> >
> > Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
> > Signed-off-by: Guillaume Nault <gnault@redhat.com>
>
> Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Thanks !
* Re: [PATCH net] vxlan: Pull inner IP header in vxlan_rcv().
From: Nikolay Aleksandrov @ 2024-05-01 11:00 UTC (permalink / raw)
To: Guillaume Nault, David Miller, Jakub Kicinski, Paolo Abeni,
Eric Dumazet
Cc: netdev, Ido Schimmel, Amit Cohen, Petr Machata, Jiri Benc,
Breno Leitao, Stephen Hemminger
On 30/04/2024 19:50, Guillaume Nault wrote:
> Ensure the inner IP header is part of skb's linear data before reading
> its ECN bits. Otherwise we might read garbage.
> One symptom is the system erroneously logging errors like
> "vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".
>
> Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
> commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
> geneve_rx()") for example). So let's reuse the same code structure for
> consistency. Maybe we can add a common helper in the future.
>
> Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
> Signed-off-by: Guillaume Nault <gnault@redhat.com>
> ---
> drivers/net/vxlan/vxlan_core.c | 19 ++++++++++++++++++-
> 1 file changed, 18 insertions(+), 1 deletion(-)
>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
* Re: [PATCH net] vxlan: Pull inner IP header in vxlan_rcv().
From: Sabrina Dubroca @ 2024-05-01 15:57 UTC (permalink / raw)
To: Guillaume Nault
Cc: David Miller, Jakub Kicinski, Paolo Abeni, Eric Dumazet, netdev,
Ido Schimmel, Amit Cohen, Petr Machata, Nikolay Aleksandrov,
Jiri Benc, Breno Leitao, Stephen Hemminger
2024-04-30, 18:50:13 +0200, Guillaume Nault wrote:
> Ensure the inner IP header is part of skb's linear data before reading
> its ECN bits. Otherwise we might read garbage.
> One symptom is the system erroneously logging errors like
> "vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".
>
> Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
> commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
> geneve_rx()") for example). So let's reuse the same code structure for
> consistency. Maybe we can add a common helper in the future.
>
> Fixes: d342894c5d2f ("vxlan: virtual extensible lan")
> Signed-off-by: Guillaume Nault <gnault@redhat.com>
> ---
> drivers/net/vxlan/vxlan_core.c | 19 ++++++++++++++++++-
> 1 file changed, 18 insertions(+), 1 deletion(-)
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
--
Sabrina
* Re: [PATCH net] vxlan: Pull inner IP header in vxlan_rcv().
From: patchwork-bot+netdevbpf @ 2024-05-02 2:20 UTC (permalink / raw)
To: Guillaume Nault
Cc: davem, kuba, pabeni, edumazet, netdev, idosch, amcohen, petrm,
razor, jbenc, leitao, stephen
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Tue, 30 Apr 2024 18:50:13 +0200 you wrote:
> Ensure the inner IP header is part of skb's linear data before reading
> its ECN bits. Otherwise we might read garbage.
> One symptom is the system erroneously logging errors like
> "vxlan: non-ECT from xxx.xxx.xxx.xxx with TOS=xxxx".
>
> Similar bugs have been fixed in geneve, ip_tunnel and ip6_tunnel (see
> commit 1ca1ba465e55 ("geneve: make sure to pull inner header in
> geneve_rx()") for example). So let's reuse the same code structure for
> consistency. Maybe we can add a common helper in the future.
>
> [...]
Here is the summary with links:
- [net] vxlan: Pull inner IP header in vxlan_rcv().
https://git.kernel.org/netdev/net/c/f7789419137b
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html