1. 03 Dec, 2020 6 commits
  2. 02 Dec, 2020 4 commits
    • dpaa_eth: copy timestamp fields to new skb in A-050385 workaround · 07500a60
      Yangbo Lu authored
      The timestamp fields should be copied to new skb too in
      A-050385 workaround for later TX timestamping handling.
      
      Fixes: 3c68b8ff ("dpaa_eth: FMan erratum A050385 workaround")
      Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
      Acked-by: Camelia Groza <camelia.groza@nxp.com>
      Link: https://lore.kernel.org/r/20201201075258.1875-1-yangbo.lu@nxp.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • net: ip6_gre: set dev->hard_header_len when using header_ops · 832ba596
      Antoine Tenart authored
      syzkaller managed to crash the kernel using an NBMA ip6gre interface. I
      could reproduce it creating an NBMA ip6gre interface and forwarding
      traffic to it:
      
        skbuff: skb_under_panic: text:ffffffff8250e927 len:148 put:44 head:ffff8c03c7a33
        ------------[ cut here ]------------
        kernel BUG at net/core/skbuff.c:109!
        Call Trace:
        skb_push+0x10/0x10
        ip6gre_header+0x47/0x1b0
        neigh_connected_output+0xae/0xf0
      
      ip6gre tunnel provides its own header_ops->create, and sets it
      conditionally when initializing the tunnel in NBMA mode. When
      header_ops->create is used, dev->hard_header_len should reflect the
      length of the header created. Otherwise, when not used,
      dev->needed_headroom should be used.
      
      Fixes: eb95f52f ("net: ipv6_gre: Fix GRO to work on IPv6 over GRE tap")
      Cc: Maria Pasechnik <mariap@mellanox.com>
      Signed-off-by: Antoine Tenart <atenart@kernel.org>
      Link: https://lore.kernel.org/r/20201130161911.464106-1-atenart@kernel.org
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • geneve: pull IP header before ECN decapsulation · 4179b00c
      Eric Dumazet authored
      IP_ECN_decapsulate() and IP6_ECN_decapsulate() assume
      IP header is already pulled.
      
      geneve does not ensure this yet.
      
      Fixing this generically in IP_ECN_decapsulate() and
      IP6_ECN_decapsulate() is not possible, since callers
      pass a pointer that might be freed by pskb_may_pull()
      
      syzbot reported :
      
      BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:238 [inline]
      BUG: KMSAN: uninit-value in INET_ECN_decapsulate+0x345/0x1db0 include/net/inet_ecn.h:260
      CPU: 1 PID: 8941 Comm: syz-executor.0 Not tainted 5.10.0-rc4-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       <IRQ>
       __dump_stack lib/dump_stack.c:77 [inline]
       dump_stack+0x21c/0x280 lib/dump_stack.c:118
       kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
       __msan_warning+0x5f/0xa0 mm/kmsan/kmsan_instr.c:197
       __INET_ECN_decapsulate include/net/inet_ecn.h:238 [inline]
       INET_ECN_decapsulate+0x345/0x1db0 include/net/inet_ecn.h:260
       geneve_rx+0x2103/0x2980 include/net/inet_ecn.h:306
       geneve_udp_encap_recv+0x105c/0x1340 drivers/net/geneve.c:377
       udp_queue_rcv_one_skb+0x193a/0x1af0 net/ipv4/udp.c:2093
       udp_queue_rcv_skb+0x282/0x1050 net/ipv4/udp.c:2167
       udp_unicast_rcv_skb net/ipv4/udp.c:2325 [inline]
       __udp4_lib_rcv+0x399d/0x5880 net/ipv4/udp.c:2394
       udp_rcv+0x5c/0x70 net/ipv4/udp.c:2564
       ip_protocol_deliver_rcu+0x572/0xc50 net/ipv4/ip_input.c:204
       ip_local_deliver_finish net/ipv4/ip_input.c:231 [inline]
       NF_HOOK include/linux/netfilter.h:301 [inline]
       ip_local_deliver+0x583/0x8d0 net/ipv4/ip_input.c:252
       dst_input include/net/dst.h:449 [inline]
       ip_rcv_finish net/ipv4/ip_input.c:428 [inline]
       NF_HOOK include/linux/netfilter.h:301 [inline]
       ip_rcv+0x5c3/0x840 net/ipv4/ip_input.c:539
       __netif_receive_skb_one_core net/core/dev.c:5315 [inline]
       __netif_receive_skb+0x1ec/0x640 net/core/dev.c:5429
       process_backlog+0x523/0xc10 net/core/dev.c:6319
       napi_poll+0x420/0x1010 net/core/dev.c:6763
       net_rx_action+0x35c/0xd40 net/core/dev.c:6833
       __do_softirq+0x1a9/0x6fa kernel/softirq.c:298
       asm_call_irq_on_stack+0xf/0x20
       </IRQ>
       __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline]
       run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline]
       do_softirq_own_stack+0x6e/0x90 arch/x86/kernel/irq_64.c:77
       do_softirq kernel/softirq.c:343 [inline]
       __local_bh_enable_ip+0x184/0x1d0 kernel/softirq.c:195
       local_bh_enable+0x36/0x40 include/linux/bottom_half.h:32
       rcu_read_unlock_bh include/linux/rcupdate.h:730 [inline]
       __dev_queue_xmit+0x3a9b/0x4520 net/core/dev.c:4167
       dev_queue_xmit+0x4b/0x60 net/core/dev.c:4173
       packet_snd net/packet/af_packet.c:2992 [inline]
       packet_sendmsg+0x86f9/0x99d0 net/packet/af_packet.c:3017
       sock_sendmsg_nosec net/socket.c:651 [inline]
       sock_sendmsg net/socket.c:671 [inline]
       __sys_sendto+0x9dc/0xc80 net/socket.c:1992
       __do_sys_sendto net/socket.c:2004 [inline]
       __se_sys_sendto+0x107/0x130 net/socket.c:2000
       __x64_sys_sendto+0x6e/0x90 net/socket.c:2000
       do_syscall_64+0x9f/0x140 arch/x86/entry/common.c:48
       entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: 2d07dc79 ("geneve: add initial netdev driver for GENEVE tunnels")
      Signed-off-by: Eric Dumazet <edumazet@google.com>
      Reported-by: syzbot <syzkaller@googlegroups.com>
      Link: https://lore.kernel.org/r/20201201090507.4137906-1-eric.dumazet@gmail.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • inet_ecn: Fix endianness of checksum update when setting ECT(1) · 2867e1ea
      Toke Høiland-Jørgensen authored
      When adding support for propagating ECT(1) marking in IP headers it seems I
      suffered from endianness-confusion in the checksum update calculation: In
      fact the ECN field is in the *lower* bits of the first 16-bit word of the
      IP header when calculating in network byte order. This means that the
      addition performed to update the checksum field was wrong; let's fix that.
      
      Fixes: b7237487 ("tunnel: Propagate ECT(1) when decapsulating as recommended by RFC6040")
      Reported-by: Jonathan Morton <chromatix99@gmail.com>
      Tested-by: Pete Heist <pete@heistp.net>
      Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
      Link: https://lore.kernel.org/r/20201130183705.17540-1-toke@redhat.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  3. 01 Dec, 2020 9 commits
  4. 30 Nov, 2020 5 commits
  5. 28 Nov, 2020 16 commits
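The checksum update described in the inet_ecn commit message above (2867e1ea), as an added userspace example that is not kernel code or part of any listed commit: it flips ECT(0) to ECT(1) in a constructed IPv4 header and patches the checksum incrementally, once with the delta in the low byte of the first 16-bit word and once in the high byte. The sample header, the function names and the two delta values are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header, TOS 0x02 = ECT(0), checksum zeroed. */
static const uint8_t SAMPLE[20] = {
    0x45, 0x02, 0x00, 0x54, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x11,
    0x00, 0x00, 0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x02
};

/* RFC 1071 checksum, reading each 16-bit word in network byte order. */
static uint16_t ip_csum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* A header verifies when the checksum over all of it, check field included, is 0. */
static int header_valid(const uint8_t *h)
{
    return ip_csum(h, 20) == 0;
}

/* Flip ECT(0) -> ECT(1) and patch the checksum by `delta` (ones' complement add)
 * instead of recomputing it. Returns 1 if the header still verifies. */
static int set_ect1_with_delta(uint16_t delta)
{
    uint8_t h[20];
    memcpy(h, SAMPLE, sizeof(h));
    uint16_t check = ip_csum(h, 20);
    h[10] = (uint8_t)(check >> 8);
    h[11] = (uint8_t)(check & 0xff);

    h[1] ^= 0x03;                     /* TOS low bits: 10 (ECT(0)) -> 01 (ECT(1)) */
    uint32_t s = (uint32_t)check + delta;
    s = (s & 0xffff) + (s >> 16);     /* end-around carry */
    h[10] = (uint8_t)(s >> 8);
    h[11] = (uint8_t)(s & 0xff);
    return header_valid(h);
}

int main(void)
{
    /* Word 0 goes 0x4502 -> 0x4501: it drops by 1, so the checksum rises by 1. */
    return !(set_ect1_with_delta(0x0001) == 1 && set_ect1_with_delta(0x0100) == 0);
}
```

A receiver that verifies the header checksum would drop the packet produced by the high-byte variant, which is why a wrong delta here shows up as packet loss on ECT(1)-marked traffic rather than as a crash.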