From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Alexander Sverdlin <alexander.sverdlin@nokia.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 088/106] macvlan: Skip loopback packets in RX handler
Date: Mon, 8 Jun 2020 19:22:20 -0400 [thread overview]
Message-ID: <20200608232238.3368589-88-sashal@kernel.org> (raw)
In-Reply-To: <20200608232238.3368589-1-sashal@kernel.org>
From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
[ Upstream commit 81f3dc9349ce0bf7b8447f147f45e70f0a5b36a6 ]
Ignore loopback-originatig packets soon enough and don't try to process L2
header where it doesn't exist. The very similar br_handle_frame() in bridge
code performs exactly the same check.
This is an example of such ICMPv6 packet:
skb len=96 headroom=40 headlen=96 tailroom=56
mac=(40,0) net=(40,40) trans=80
shinfo(txflags=0 nr_frags=0 gso(size=0 type=0 segs=0))
csum(0xae2e9a2f ip_summed=1 complete_sw=0 valid=0 level=0)
hash(0xc97ebd88 sw=1 l4=1) proto=0x86dd pkttype=5 iif=24
dev name=etha01.212 feat=0x0x0000000040005000
skb headroom: 00000000: 00 7c 86 52 84 88 ff ff 00 00 00 00 00 00 08 00
skb headroom: 00000010: 45 00 00 9e 5d 5c 40 00 40 11 33 33 00 00 00 01
skb headroom: 00000020: 02 40 43 80 00 00 86 dd
skb linear: 00000000: 60 09 88 bd 00 38 3a ff fe 80 00 00 00 00 00 00
skb linear: 00000010: 00 40 43 ff fe 80 00 00 ff 02 00 00 00 00 00 00
skb linear: 00000020: 00 00 00 00 00 00 00 01 86 00 61 00 40 00 00 2d
skb linear: 00000030: 00 00 00 00 00 00 00 00 03 04 40 e0 00 00 01 2c
skb linear: 00000040: 00 00 00 78 00 00 00 00 fd 5f 42 68 23 87 a8 81
skb linear: 00000050: 00 00 00 00 00 00 00 00 01 01 02 40 43 80 00 00
skb tailroom: 00000000: ...
skb tailroom: 00000010: ...
skb tailroom: 00000020: ...
skb tailroom: 00000030: ...
Call Trace, how it happens exactly:
...
macvlan_handle_frame+0x321/0x425 [macvlan]
? macvlan_forward_source+0x110/0x110 [macvlan]
__netif_receive_skb_core+0x545/0xda0
? enqueue_task_fair+0xe5/0x8e0
? __netif_receive_skb_one_core+0x36/0x70
__netif_receive_skb_one_core+0x36/0x70
process_backlog+0x97/0x140
net_rx_action+0x1eb/0x350
? __hrtimer_run_queues+0x136/0x2e0
__do_softirq+0xe3/0x383
do_softirq_own_stack+0x2a/0x40
</IRQ>
do_softirq.part.4+0x4e/0x50
netif_rx_ni+0x60/0xd0
dev_loopback_xmit+0x83/0xf0
ip6_finish_output2+0x575/0x590 [ipv6]
? ip6_cork_release.isra.1+0x64/0x90 [ipv6]
? __ip6_make_skb+0x38d/0x680 [ipv6]
? ip6_output+0x6c/0x140 [ipv6]
ip6_output+0x6c/0x140 [ipv6]
ip6_send_skb+0x1e/0x60 [ipv6]
rawv6_sendmsg+0xc4b/0xe10 [ipv6]
? proc_put_long+0xd0/0xd0
? rw_copy_check_uvector+0x4e/0x110
? sock_sendmsg+0x36/0x40
sock_sendmsg+0x36/0x40
___sys_sendmsg+0x2b6/0x2d0
? proc_dointvec+0x23/0x30
? addrconf_sysctl_forward+0x8d/0x250 [ipv6]
? dev_forward_change+0x130/0x130 [ipv6]
? _raw_spin_unlock+0x12/0x30
? proc_sys_call_handler.isra.14+0x9f/0x110
? __call_rcu+0x213/0x510
? get_max_files+0x10/0x10
? trace_hardirqs_on+0x2c/0xe0
? __sys_sendmsg+0x63/0xa0
__sys_sendmsg+0x63/0xa0
do_syscall_64+0x6c/0x1e0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/macvlan.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 225bfc808112..349123592af0 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -451,6 +451,10 @@ static rx_handler_result_t macvlan_handle_frame(struct sk_buff **pskb)
int ret;
rx_handler_result_t handle_res;
+ /* Packets from dev_loopback_xmit() do not have L2 header, bail out */
+ if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
+ return RX_HANDLER_PASS;
+
port = macvlan_port_get_rcu(skb->dev);
if (is_multicast_ether_addr(eth->h_dest)) {
unsigned int hash;
--
2.25.1
next prev parent reply other threads:[~2020-06-08 23:53 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-08 23:20 [PATCH AUTOSEL 4.19 001/106] ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb Sasha Levin
2020-06-08 23:20 ` [PATCH AUTOSEL 4.19 002/106] ath9k: Fix use-after-free Write in ath9k_htc_rx_msg Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 008/106] net: atlantic: make hw_get_regs optional Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 009/106] net: ena: fix error returning in ena_com_get_hash_function() Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 015/106] ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 017/106] Bluetooth: Add SCO fallback for invalid LMP parameters error Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 025/106] batman-adv: Revert "disable ethtool link speed detection when auto negotiation off" Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 029/106] net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 031/106] ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 032/106] ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 033/106] brcmfmac: fix wrong location to get firmware feature Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 035/106] e1000: Distribute switch variables for initialization Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 043/106] netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 044/106] selftests/bpf: Fix memory leak in extract_build_id() Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 045/106] net: bcmgenet: set Rx mode before starting netif Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 051/106] net: lpc-enet: fix error return code in lpc_mii_init() Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 053/106] net: allwinner: Fix use correct return type for ndo_start_xmit() Sasha Levin
2020-06-08 23:21 ` [PATCH AUTOSEL 4.19 055/106] ath9k_htc: Silence undersized packet warnings Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 068/106] ath10k: Remove msdu from idr when management pkt send fails Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 069/106] wcn36xx: Fix error handling path in 'wcn36xx_probe()' Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 070/106] net: qed*: Reduce RX and TX default ring count when running inside kdump kernel Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 071/106] mt76: avoid rx reorder buffer overflow Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 073/106] net: dsa: mt7530: set CPU port to fallback mode Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 074/106] veth: Adjust hard_start offset on redirect XDP frames Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 075/106] net/mlx5e: IPoIB, Drop multicast packets that this interface sent Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 076/106] rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 077/106] mwifiex: Fix memory corruption in dump_station Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 087/106] net: ethernet: fec: move GPR register offset and bit into DT Sasha Levin
2020-06-08 23:22 ` Sasha Levin [this message]
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 097/106] ixgbe: fix signed-integer-overflow warning Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 104/106] vxlan: Avoid infinite loop when suppressing NS messages with invalid options Sasha Levin
2020-06-08 23:22 ` [PATCH AUTOSEL 4.19 105/106] net_failover: fixed rollback in net_failover_open() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200608232238.3368589-88-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=alexander.sverdlin@nokia.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).