* [PATCH net 0/2] bonding/team: basic dev->needed_headroom support
@ 2020-09-25 13:38 Eric Dumazet
2020-09-25 13:38 ` [PATCH net 1/2] bonding: set dev->needed_headroom in bond_setup_by_slave() Eric Dumazet
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Eric Dumazet @ 2020-09-25 13:38 UTC (permalink / raw)
To: David S . Miller; +Cc: netdev, Eric Dumazet, Eric Dumazet
Both bonding and team drivers support non-ethernet devices,
but missed proper dev->needed_headroom initializations.
syzbot found a crash caused by bonding, I mirrored the fix in team as well.
Eric Dumazet (2):
bonding: set dev->needed_headroom in bond_setup_by_slave()
team: set dev->needed_headroom in team_setup_by_port()
drivers/net/bonding/bond_main.c | 1 +
drivers/net/team/team.c | 1 +
2 files changed, 2 insertions(+)
--
2.28.0.681.g6f77f65b4e-goog
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH net 1/2] bonding: set dev->needed_headroom in bond_setup_by_slave()
2020-09-25 13:38 [PATCH net 0/2] bonding/team: basic dev->needed_headroom support Eric Dumazet
@ 2020-09-25 13:38 ` Eric Dumazet
2020-09-25 13:38 ` [PATCH net 2/2] team: set dev->needed_headroom in team_setup_by_port() Eric Dumazet
2020-09-26 0:06 ` [PATCH net 0/2] bonding/team: basic dev->needed_headroom support David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Eric Dumazet @ 2020-09-25 13:38 UTC (permalink / raw)
To: David S . Miller; +Cc: netdev, Eric Dumazet, Eric Dumazet, syzbot
syzbot managed to crash a host by creating a bond
with a GRE device.
For non Ethernet device, bonding calls bond_setup_by_slave()
instead of ether_setup(), and unfortunately dev->needed_headroom
was not copied from the new added member.
[ 171.243095] skbuff: skb_under_panic: text:ffffffffa184b9ea len:116 put:20 head:ffff883f84012dc0 data:ffff883f84012dbc tail:0x70 end:0xd00 dev:bond0
[ 171.243111] ------------[ cut here ]------------
[ 171.243112] kernel BUG at net/core/skbuff.c:112!
[ 171.243117] invalid opcode: 0000 [#1] SMP KASAN PTI
[ 171.243469] gsmi: Log Shutdown Reason 0x03
[ 171.243505] Call Trace:
[ 171.243506] <IRQ>
[ 171.243512] [<ffffffffa171be59>] skb_push+0x49/0x50
[ 171.243516] [<ffffffffa184b9ea>] ipgre_header+0x2a/0xf0
[ 171.243520] [<ffffffffa17452d7>] neigh_connected_output+0xb7/0x100
[ 171.243524] [<ffffffffa186f1d3>] ip6_finish_output2+0x383/0x490
[ 171.243528] [<ffffffffa186ede2>] __ip6_finish_output+0xa2/0x110
[ 171.243531] [<ffffffffa186acbc>] ip6_finish_output+0x2c/0xa0
[ 171.243534] [<ffffffffa186abe9>] ip6_output+0x69/0x110
[ 171.243537] [<ffffffffa186ac90>] ? ip6_output+0x110/0x110
[ 171.243541] [<ffffffffa189d952>] mld_sendpack+0x1b2/0x2d0
[ 171.243544] [<ffffffffa189d290>] ? mld_send_report+0xf0/0xf0
[ 171.243548] [<ffffffffa189c797>] mld_ifc_timer_expire+0x2d7/0x3b0
[ 171.243551] [<ffffffffa189c4c0>] ? mld_gq_timer_expire+0x50/0x50
[ 171.243556] [<ffffffffa0fea270>] call_timer_fn+0x30/0x130
[ 171.243559] [<ffffffffa0fea17c>] expire_timers+0x4c/0x110
[ 171.243563] [<ffffffffa0fea0e3>] __run_timers+0x213/0x260
[ 171.243566] [<ffffffffa0fecb7d>] ? ktime_get+0x3d/0xa0
[ 171.243570] [<ffffffffa0ff9c4e>] ? clockevents_program_event+0x7e/0xe0
[ 171.243574] [<ffffffffa0f7e5d5>] ? sched_clock_cpu+0x15/0x190
[ 171.243577] [<ffffffffa0fe973d>] run_timer_softirq+0x1d/0x40
[ 171.243581] [<ffffffffa1c00152>] __do_softirq+0x152/0x2f0
[ 171.243585] [<ffffffffa0f44e1f>] irq_exit+0x9f/0xb0
[ 171.243588] [<ffffffffa1a02e1d>] smp_apic_timer_interrupt+0xfd/0x1a0
[ 171.243591] [<ffffffffa1a01ea6>] apic_timer_interrupt+0x86/0x90
Fixes: f5184d267c1a ("net: Allow netdevices to specify needed head/tailroom")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
---
drivers/net/bonding/bond_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 42ef25ec0af5b089365c5a0b0378c40c22db1afe..14740d3053b8ad2b0b0fcbe6666a44bca384bb7d 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -1315,6 +1315,7 @@ static void bond_setup_by_slave(struct net_device *bond_dev,
bond_dev->type = slave_dev->type;
bond_dev->hard_header_len = slave_dev->hard_header_len;
+ bond_dev->needed_headroom = slave_dev->needed_headroom;
bond_dev->addr_len = slave_dev->addr_len;
memcpy(bond_dev->broadcast, slave_dev->broadcast,
--
2.28.0.681.g6f77f65b4e-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH net 2/2] team: set dev->needed_headroom in team_setup_by_port()
2020-09-25 13:38 [PATCH net 0/2] bonding/team: basic dev->needed_headroom support Eric Dumazet
2020-09-25 13:38 ` [PATCH net 1/2] bonding: set dev->needed_headroom in bond_setup_by_slave() Eric Dumazet
@ 2020-09-25 13:38 ` Eric Dumazet
2020-09-26 0:06 ` [PATCH net 0/2] bonding/team: basic dev->needed_headroom support David Miller
2 siblings, 0 replies; 4+ messages in thread
From: Eric Dumazet @ 2020-09-25 13:38 UTC (permalink / raw)
To: David S . Miller; +Cc: netdev, Eric Dumazet, Eric Dumazet
Some devices set needed_headroom. If we ignore it, we might
end up crashing in various skb_push() for example in ipgre_header()
since some layers assume enough headroom has been reserved.
Fixes: 1d76efe1577b ("team: add support for non-ethernet devices")
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
drivers/net/team/team.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
index 8c1e02752ff61f8752df7b435ced4ef376dbe682..69dfb1a49cc8532004f80c30359b7ab36e9630b8 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
@@ -2112,6 +2112,7 @@ static void team_setup_by_port(struct net_device *dev,
dev->header_ops = port_dev->header_ops;
dev->type = port_dev->type;
dev->hard_header_len = port_dev->hard_header_len;
+ dev->needed_headroom = port_dev->needed_headroom;
dev->addr_len = port_dev->addr_len;
dev->mtu = port_dev->mtu;
memcpy(dev->broadcast, port_dev->broadcast, port_dev->addr_len);
--
2.28.0.681.g6f77f65b4e-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net 0/2] bonding/team: basic dev->needed_headroom support
2020-09-25 13:38 [PATCH net 0/2] bonding/team: basic dev->needed_headroom support Eric Dumazet
2020-09-25 13:38 ` [PATCH net 1/2] bonding: set dev->needed_headroom in bond_setup_by_slave() Eric Dumazet
2020-09-25 13:38 ` [PATCH net 2/2] team: set dev->needed_headroom in team_setup_by_port() Eric Dumazet
@ 2020-09-26 0:06 ` David Miller
2 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2020-09-26 0:06 UTC (permalink / raw)
To: edumazet; +Cc: netdev, eric.dumazet
From: Eric Dumazet <edumazet@google.com>
Date: Fri, 25 Sep 2020 06:38:06 -0700
> Both bonding and team drivers support non-ethernet devices,
> but missed proper dev->needed_headroom initializations.
>
> syzbot found a crash caused by bonding, I mirrored the fix in team as well.
Series applied, thanks Eric.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-09-26 0:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-25 13:38 [PATCH net 0/2] bonding/team: basic dev->needed_headroom support Eric Dumazet
2020-09-25 13:38 ` [PATCH net 1/2] bonding: set dev->needed_headroom in bond_setup_by_slave() Eric Dumazet
2020-09-25 13:38 ` [PATCH net 2/2] team: set dev->needed_headroom in team_setup_by_port() Eric Dumazet
2020-09-26 0:06 ` [PATCH net 0/2] bonding/team: basic dev->needed_headroom support David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).