From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk, Florian Zumbiehl <florz@florz.de>,
"David S. Miller" <davem@davemloft.net>
Subject: [ 72/85] vlan: dont deliver frames for unknown vlans to protocols
Date: Thu, 25 Oct 2012 17:06:30 -0700 [thread overview]
Message-ID: <20121026000038.354845200@linuxfoundation.org> (raw)
In-Reply-To: <20121026000031.107227138@linuxfoundation.org>
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Florian Zumbiehl <florz@florz.de>
[ Upstream commit 48cc32d38a52d0b68f91a171a8d00531edc6a46e ]
6a32e4f9dd9219261f8856f817e6655114cfec2f made the vlan code skip marking
vlan-tagged frames for not locally configured vlans as PACKET_OTHERHOST if
there was an rx_handler, as the rx_handler could cause the frame to be received
on a different (virtual) vlan-capable interface where that vlan might be
configured.
As rx_handlers do not necessarily return RX_HANDLER_ANOTHER, this could cause
frames for unknown vlans to be delivered to the protocol stack as if they had
been received untagged.
For example, if an ipv6 router advertisement that's tagged for a locally not
configured vlan is received on an interface with macvlan interfaces attached,
macvlan's rx_handler returns RX_HANDLER_PASS after delivering the frame to the
macvlan interfaces, which caused it to be passed to the protocol stack, leading
to ipv6 addresses for the announced prefix being configured even though those
are completely unusable on the underlying interface.
The fix moves marking as PACKET_OTHERHOST after the rx_handler so the
rx_handler, if there is one, sees the frame unchanged, but afterwards,
before the frame is delivered to the protocol stack, it gets marked whether
there is an rx_handler or not.
Signed-off-by: Florian Zumbiehl <florz@florz.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/if_vlan.h | 8 ++++----
net/8021q/vlan_core.c | 10 ++--------
net/core/dev.c | 7 +++++--
3 files changed, 11 insertions(+), 14 deletions(-)
--- a/include/linux/if_vlan.h
+++ b/include/linux/if_vlan.h
@@ -82,6 +82,8 @@ static inline int is_vlan_dev(struct net
}
#define vlan_tx_tag_present(__skb) ((__skb)->vlan_tci & VLAN_TAG_PRESENT)
+#define vlan_tx_nonzero_tag_present(__skb) \
+ (vlan_tx_tag_present(__skb) && ((__skb)->vlan_tci & VLAN_VID_MASK))
#define vlan_tx_tag_get(__skb) ((__skb)->vlan_tci & ~VLAN_TAG_PRESENT)
#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
@@ -91,7 +93,7 @@ extern struct net_device *__vlan_find_de
extern struct net_device *vlan_dev_real_dev(const struct net_device *dev);
extern u16 vlan_dev_vlan_id(const struct net_device *dev);
-extern bool vlan_do_receive(struct sk_buff **skb, bool last_handler);
+extern bool vlan_do_receive(struct sk_buff **skb);
extern struct sk_buff *vlan_untag(struct sk_buff *skb);
extern int vlan_vid_add(struct net_device *dev, unsigned short vid);
@@ -120,10 +122,8 @@ static inline u16 vlan_dev_vlan_id(const
return 0;
}
-static inline bool vlan_do_receive(struct sk_buff **skb, bool last_handler)
+static inline bool vlan_do_receive(struct sk_buff **skb)
{
- if (((*skb)->vlan_tci & VLAN_VID_MASK) && last_handler)
- (*skb)->pkt_type = PACKET_OTHERHOST;
return false;
}
--- a/net/8021q/vlan_core.c
+++ b/net/8021q/vlan_core.c
@@ -5,7 +5,7 @@
#include <linux/export.h>
#include "vlan.h"
-bool vlan_do_receive(struct sk_buff **skbp, bool last_handler)
+bool vlan_do_receive(struct sk_buff **skbp)
{
struct sk_buff *skb = *skbp;
u16 vlan_id = skb->vlan_tci & VLAN_VID_MASK;
@@ -13,14 +13,8 @@ bool vlan_do_receive(struct sk_buff **sk
struct vlan_pcpu_stats *rx_stats;
vlan_dev = vlan_find_dev(skb->dev, vlan_id);
- if (!vlan_dev) {
- /* Only the last call to vlan_do_receive() should change
- * pkt_type to PACKET_OTHERHOST
- */
- if (vlan_id && last_handler)
- skb->pkt_type = PACKET_OTHERHOST;
+ if (!vlan_dev)
return false;
- }
skb = *skbp = skb_share_check(skb, GFP_ATOMIC);
if (unlikely(!skb))
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -3275,18 +3275,18 @@ ncls:
&& !skb_pfmemalloc_protocol(skb))
goto drop;
- rx_handler = rcu_dereference(skb->dev->rx_handler);
if (vlan_tx_tag_present(skb)) {
if (pt_prev) {
ret = deliver_skb(skb, pt_prev, orig_dev);
pt_prev = NULL;
}
- if (vlan_do_receive(&skb, !rx_handler))
+ if (vlan_do_receive(&skb))
goto another_round;
else if (unlikely(!skb))
goto unlock;
}
+ rx_handler = rcu_dereference(skb->dev->rx_handler);
if (rx_handler) {
if (pt_prev) {
ret = deliver_skb(skb, pt_prev, orig_dev);
@@ -3306,6 +3306,9 @@ ncls:
}
}
+ if (vlan_tx_nonzero_tag_present(skb))
+ skb->pkt_type = PACKET_OTHERHOST;
+
/* deliver only exact match when indicated */
null_or_dev = deliver_exact ? skb->dev : NULL;
next prev parent reply other threads:[~2012-10-26 0:06 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-26 0:05 [ 00/85] 3.6.4-stable review Greg Kroah-Hartman
2012-10-26 0:05 ` [ 01/85] ext4: race-condition protection for ext4_convert_unwritten_extents_endio Greg Kroah-Hartman
2012-10-26 0:05 ` [ 02/85] ext4: Checksum the block bitmap properly with bigalloc enabled Greg Kroah-Hartman
2012-10-26 0:05 ` [ 03/85] ext4: Avoid underflow in ext4_trim_fs() Greg Kroah-Hartman
2012-10-26 0:05 ` [ 04/85] usbdevfs: Fix broken scatter-gather transfer Greg Kroah-Hartman
2012-10-26 0:05 ` [ 05/85] hwmon: (coretemp) Add support for Atom CE4110/4150/4170 Greg Kroah-Hartman
2012-10-26 0:05 ` [ 06/85] nohz: Fix idle ticks in cpu summary line of /proc/stat Greg Kroah-Hartman
2012-10-26 0:05 ` [ 07/85] arch/tile: avoid generating .eh_frame information in modules Greg Kroah-Hartman
2012-10-26 0:05 ` [ 08/85] NLM: nlm_lookup_file() may return NLMv4-specific error codes Greg Kroah-Hartman
2012-10-26 0:05 ` [ 09/85] oprofile, x86: Fix wrapping bug in op_x86_get_ctrl() Greg Kroah-Hartman
2012-10-26 0:05 ` [ 10/85] s390: fix linker script for 31 bit builds Greg Kroah-Hartman
2012-10-26 0:05 ` [ 11/85] SUNRPC: Prevent kernel stack corruption on long values of flush Greg Kroah-Hartman
2012-10-26 0:05 ` [ 12/85] SUNRPC: Set alloc_slot for backchannel tcp ops Greg Kroah-Hartman
2012-10-26 0:05 ` [ 13/85] ring-buffer: Check for uninitialized cpu buffer before resizing Greg Kroah-Hartman
2012-10-26 0:05 ` [ 14/85] pcmcia: sharpsl: dont discard sharpsl_pcmcia_ops Greg Kroah-Hartman
2012-10-26 0:05 ` [ 15/85] kernel/sys.c: fix stack memory content leak via UNAME26 Greg Kroah-Hartman
2012-10-26 0:05 ` [ 17/85] x86, amd, mce: Avoid NULL pointer reference on CPU northbridge lookup Greg Kroah-Hartman
2012-10-26 0:05 ` [ 18/85] x86: Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping Greg Kroah-Hartman
2012-10-27 16:27 ` Ben Hutchings
2012-10-26 0:05 ` [ 19/85] xen/x86: dont corrupt %eip when returning from a signal handler Greg Kroah-Hartman
2012-10-26 0:05 ` [ 20/85] USB: cdc-acm: fix pipe type of write endpoint Greg Kroah-Hartman
2012-10-26 0:05 ` [ 21/85] usb: acm: fix the computation of the number of data bits Greg Kroah-Hartman
2012-10-26 0:05 ` [ 22/85] USB: io_ti: fix port-data memory leak Greg Kroah-Hartman
2012-10-26 0:05 ` [ 23/85] USB: io_ti: fix sysfs-attribute creation Greg Kroah-Hartman
2012-10-26 0:05 ` [ 24/85] USB: cyberjack: fix port-data memory leak Greg Kroah-Hartman
2012-10-26 0:05 ` [ 25/85] usb: musb: am35xx: drop spurious unplugging a device Greg Kroah-Hartman
2012-10-26 0:05 ` [ 26/85] usb: host: xhci: New system added for Compliance Mode Patch on SN65LVPE502CP Greg Kroah-Hartman
2012-10-27 17:18 ` Ben Hutchings
2012-11-01 19:25 ` Sarah Sharp
2012-10-26 0:05 ` [ 27/85] USB: iuu_phoenix: fix port-data memory leak Greg Kroah-Hartman
2012-10-26 0:05 ` [ 28/85] USB: iuu_phoenix: fix sysfs-attribute creation Greg Kroah-Hartman
2012-10-26 0:05 ` [ 29/85] USB: ark3116: fix NULL-pointer dereference Greg Kroah-Hartman
2012-10-26 0:05 ` [ 30/85] USB: f81232: fix port-data memory leak Greg Kroah-Hartman
2012-10-26 0:05 ` [ 31/85] USB: oti6858: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 32/85] USB: belkin_sa: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 33/85] USB: pl2303: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 34/85] USB: ssu100: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 35/85] USB: kobil_sct: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 36/85] USB: cypress_m8: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 37/85] USB: cp210x: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 38/85] USB: spcp8x5: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 39/85] USB: ti_usb_3410_5052: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 40/85] USB: kl5kusb105: " Greg Kroah-Hartman
2012-10-26 0:05 ` [ 41/85] USB: io_edgeport: " Greg Kroah-Hartman
2012-10-26 0:06 ` [ 42/85] USB: keyspan_pda: " Greg Kroah-Hartman
2012-10-26 0:06 ` [ 43/85] USB: option: blacklist net interface on ZTE devices Greg Kroah-Hartman
2012-10-26 0:06 ` [ 44/85] USB: option: add more " Greg Kroah-Hartman
2012-10-26 0:06 ` [ 45/85] usb: dwc3: gadget: fix endpoint always busy bug Greg Kroah-Hartman
2012-10-26 0:06 ` [ 46/85] usb: Dont enable LPM if the exit latency is zero Greg Kroah-Hartman
2012-10-26 0:06 ` [ 47/85] USB: Enable LPM after a failed probe Greg Kroah-Hartman
2012-10-26 0:06 ` [ 48/85] usb: Send Set SEL before enabling parent U1/U2 timeout Greg Kroah-Hartman
2012-10-26 0:06 ` [ 49/85] USB: fix port probing and removal in garmin_gps Greg Kroah-Hartman
2012-10-26 0:06 ` [ 50/85] cgroup: notify_on_release may not be triggered in some cases Greg Kroah-Hartman
2012-10-26 0:06 ` [ 51/85] Revert "cgroup: Remove task_lock() from cgroup_post_fork()" Greg Kroah-Hartman
2012-10-26 0:06 ` [ 52/85] Revert "cgroup: Drop task_lock(parent) on cgroup_fork()" Greg Kroah-Hartman
2012-10-26 0:06 ` [ 53/85] pinctrl: tegra: correct bank for pingroup and drv pingroup Greg Kroah-Hartman
2012-10-26 0:06 ` [ 54/85] dt: Document: correct tegra20/30 pinctrl slew-rate name Greg Kroah-Hartman
2012-10-26 0:06 ` [ 55/85] pinctrl: tegra: set low power mode bank width to 2 Greg Kroah-Hartman
2012-10-26 0:06 ` [ 56/85] pinctrl: remove mutex lock in groups show Greg Kroah-Hartman
2012-10-26 0:06 ` [ 57/85] pinctrl: fix missing unlock on error in pinctrl_groups_show() Greg Kroah-Hartman
2012-10-26 0:06 ` [ 58/85] iommu/tegra: smmu: Fix deadly typo Greg Kroah-Hartman
2012-10-26 0:06 ` [ 59/85] amd64_edac:__amd64_set_scrub_rate(): avoid overindexing scrubrates[] Greg Kroah-Hartman
2012-10-26 0:06 ` [ 60/85] xtensa: add missing system calls to the syscall table Greg Kroah-Hartman
2012-10-27 18:26 ` Ben Hutchings
2012-10-27 21:08 ` Chris Zankel
2012-10-26 0:06 ` [ 61/85] media: au0828: fix case where STREAMOFF being called on stopped stream causes BUG() Greg Kroah-Hartman
2012-10-26 0:06 ` [ 62/85] drm/i915: Use cpu relocations if the object is in the GTT but not mappable Greg Kroah-Hartman
2012-10-26 0:06 ` [ 63/85] netlink: add reference of module in netlink_dump_start Greg Kroah-Hartman
2012-10-26 0:06 ` [ 64/85] infiniband: pass rdma_cm module to netlink_dump_start Greg Kroah-Hartman
2012-10-26 0:06 ` [ 65/85] net: remove skb recycling Greg Kroah-Hartman
2012-10-26 0:06 ` [ 66/85] net: Fix skb_under_panic oops in neigh_resolve_output Greg Kroah-Hartman
2012-10-26 0:06 ` [ 67/85] ipv6: GRO should be ECN friendly Greg Kroah-Hartman
2012-10-26 0:06 ` [ 68/85] ipv4: Always invalidate or update the route on pmtu events Greg Kroah-Hartman
2012-10-26 0:06 ` [ 69/85] ipv4: Dont create nh exeption when the device mtu is smaller than the reported pmtu Greg Kroah-Hartman
2012-10-26 0:06 ` [ 70/85] ipv4: Dont report stale pmtu values to userspace Greg Kroah-Hartman
2012-10-26 0:06 ` [ 71/85] skge: Add DMA mask quirk for Marvell 88E8001 on ASUS P5NSLI motherboard Greg Kroah-Hartman
2012-10-26 0:06 ` Greg Kroah-Hartman [this message]
2012-10-26 0:06 ` [ 73/85] ipv4: fix sending of redirects Greg Kroah-Hartman
2012-10-26 0:06 ` [ 74/85] ipv4: fix forwarding for strict source routes Greg Kroah-Hartman
2012-10-26 0:06 ` [ 75/85] ipv4: make sure nh_pcpu_rth_output is always allocated Greg Kroah-Hartman
2012-10-26 0:06 ` [ 76/85] ipv4: introduce rt_uses_gateway Greg Kroah-Hartman
2012-10-26 0:06 ` [ 77/85] ipv4: Add FLOWI_FLAG_KNOWN_NH Greg Kroah-Hartman
2012-10-26 0:06 ` [ 78/85] ipvs: fix ARP resolving for direct routing mode Greg Kroah-Hartman
2012-10-26 0:06 ` [ 79/85] RDS: fix rds-ping spinlock recursion Greg Kroah-Hartman
2012-10-26 0:06 ` [ 80/85] tcp: resets are misrouted Greg Kroah-Hartman
2012-10-26 0:06 ` [ 81/85] ipv6: addrconf: fix /proc/net/if_inet6 Greg Kroah-Hartman
2012-10-26 0:06 ` [ 82/85] sparc64: fix ptrace interaction with force_successful_syscall_return() Greg Kroah-Hartman
2012-10-26 0:06 ` [ 83/85] sparc64: Like x86 we should check current->mm during perf backtrace generation Greg Kroah-Hartman
2012-10-26 0:06 ` [ 84/85] sparc64: Fix bit twiddling in sparc_pmu_enable_event() Greg Kroah-Hartman
2012-10-26 0:06 ` [ 85/85] mac80211: call drv_get_tsf() in sleepable context Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121026000038.354845200@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davem@davemloft.net \
--cc=florz@florz.de \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).