Eric Lee / smarc-fsl-linux-kernel

14 Oct, 2020

1 commit

  • fdafed459   ip_gre: set dev->hard_header_len and dev->needed_headroom properly ... Browse Code »

    GRE tunnel has its own header_ops, ipgre_header_ops, and sets it
    conditionally. When it is set, it assumes the outer IP header is
    already created before ipgre_xmit().

    This is not true when we send packets through a raw packet socket,
    where L2 headers are supposed to be constructed by user. Packet
    socket calls dev_validate_header() to validate the header. But
    GRE tunnel does not set dev->hard_header_len, so that check can
    be simply bypassed, therefore uninit memory could be passed down
    to ipgre_xmit(). Similar for dev->needed_headroom.

    dev->hard_header_len is supposed to be the length of the header
    created by dev->header_ops->create(), so it should be used whenever
    header_ops is set, and dev->needed_headroom should be used when it
    is not set.

    Reported-and-tested-by: syzbot+4a2c52677a8a1aa283cb@syzkaller.appspotmail.com
    Cc: William Tu
    Acked-by: Willem de Bruijn
    Signed-off-by: Cong Wang
    Acked-by: Xie He
    Signed-off-by: Jakub Kicinski

    Cong Wang
     

20 May, 2020

1 commit

  • 607259a69   net: add a new ndo_tunnel_ioctl method ... Browse Code »

    This method is used to properly allow kernel callers of the IPv4 route
    management ioctls. The exsting ip_tunnel_ioctl helper is renamed to
    ip_tunnel_ctl to better reflect that it doesn't directly implement ioctls
    touching user memory, and is used for the guts of ndo_tunnel_ctl
    implementations. A new ip_tunnel_ioctl helper is added that can be wired
    up directly to the ndo_do_ioctl method and takes care of the copy to and
    from userspace.

    Signed-off-by: Christoph Hellwig
    Signed-off-by: David S. Miller

    Christoph Hellwig
     

13 May, 2020

1 commit

06 May, 2020

1 commit

  • f989d546a   erspan: Add type I version 0 support. ... Browse Code »

    The Type I ERSPAN frame format is based on the barebones
    IP + GRE(4-byte) encapsulation on top of the raw mirrored frame.
    Both type I and II use 0x88BE as protocol type. Unlike type II
    and III, no sequence number or key is required.
    To creat a type I erspan tunnel device:
    $ ip link add dev erspan11 type erspan \
    local 172.16.1.100 remote 172.16.1.200 \
    erspan_ver 0

    Signed-off-by: William Tu
    Signed-off-by: David S. Miller

    William Tu
     

17 Mar, 2020

1 commit

  • 32ca98fea   net: ip_gre: Accept IFLA_INFO_DATA-less configuration ... Browse Code »

    The fix referenced below causes a crash when an ERSPAN tunnel is created
    without passing IFLA_INFO_DATA. Fix by validating passed-in data in the
    same way as ipgre does.

    Fixes: e1f8f78ffe98 ("net: ip_gre: Separate ERSPAN newlink / changelink callbacks")
    Reported-by: syzbot+1b4ebf4dae4e510dd219@syzkaller.appspotmail.com
    Signed-off-by: Petr Machata
    Signed-off-by: David S. Miller

    Petr Machata
     

15 Mar, 2020

1 commit

  • e1f8f78ff   net: ip_gre: Separate ERSPAN newlink / changelink callbacks ... Browse Code »

    ERSPAN shares most of the code path with GRE and gretap code. While that
    helps keep the code compact, it is also error prone. Currently a broken
    userspace can turn a gretap tunnel into a de facto ERSPAN one by passing
    IFLA_GRE_ERSPAN_VER. There has been a similar issue in ip6gretap in the
    past.

    To prevent these problems in future, split the newlink and changelink code
    paths. Split the ERSPAN code out of ipgre_netlink_parms() into a new
    function erspan_netlink_parms(). Extract a piece of common logic from
    ipgre_newlink() and ipgre_changelink() into ipgre_newlink_encap_setup().
    Add erspan_newlink() and erspan_changelink().

    Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
    Signed-off-by: Petr Machata
    Signed-off-by: David S. Miller

    Petr Machata
     

10 Dec, 2019

1 commit

  • c593642c8   treewide: Use sizeof_field() macro ... Browse Code »

    Replace all the occurrences of FIELD_SIZEOF() with sizeof_field() except
    at places where these are defined. Later patches will remove the unused
    definition of FIELD_SIZEOF().

    This patch is generated using following script:

    EXCLUDE_FILES="include/linux/stddef.h|include/linux/kernel.h"

    git grep -l -e "\bFIELD_SIZEOF\b" | while read file;
    do

    if [[ "$file" =~ $EXCLUDE_FILES ]]; then
    continue
    fi
    sed -i -e 's/\bFIELD_SIZEOF\b/sizeof_field/g' $file;
    done

    Signed-off-by: Pankaj Bharadiya
    Link: https://lore.kernel.org/r/20190924105839.110713-3-pankaj.laxminarayan.bharadiya@intel.com
    Co-developed-by: Kees Cook
    Signed-off-by: Kees Cook
    Acked-by: David Miller # for net

    Pankaj Bharadiya
     

21 Nov, 2019

1 commit

  • c0d59da79   ip_gre: Make none-tun-dst gre tunnel store tunnel info as metadat_dst in recv ... Browse Code »

    Currently collect_md gre tunnel will store the tunnel info(metadata_dst)
    to skb_dst.
    And now the non-tun-dst gre tunnel already can add tunnel header through
    lwtunnel.

    When received a arp_request on the non-tun-dst gre tunnel. The packet of
    arp response will send through the non-tun-dst tunnel without tunnel info
    which will lead the arp response packet to be dropped.

    If the non-tun-dst gre tunnel also store the tunnel info as metadata_dst,
    The arp response packet will set the releted tunnel info in the
    iptunnel_metadata_reply.

    The following is the test script:

    ip netns add cl
    ip l add dev vethc type veth peer name eth0 netns cl

    ifconfig vethc 172.168.0.7/24 up
    ip l add dev tun1000 type gretap key 1000

    ip link add user1000 type vrf table 1
    ip l set user1000 up
    ip l set dev tun1000 master user1000
    ifconfig tun1000 10.0.1.1/24 up

    ip netns exec cl ifconfig eth0 172.168.0.17/24 up
    ip netns exec cl ip l add dev tun type gretap local 172.168.0.17 remote 172.168.0.7 key 1000
    ip netns exec cl ifconfig tun 10.0.1.7/24 up
    ip r r 10.0.1.7 encap ip id 1000 dst 172.168.0.17 key dev tun1000 table 1

    With this patch
    ip netns exec cl ping 10.0.1.1 can success

    Signed-off-by: wenxu
    Signed-off-by: David S. Miller

    wenxu
     

30 Oct, 2019

1 commit

  • 2eb8d6d29   erspan: fix the tun_info options_len check for erspan ... Browse Code »

    The check for !md doens't really work for ip_tunnel_info_opts(info) which
    only does info + 1. Also to avoid out-of-bounds access on info, it should
    ensure options_len is not less than erspan_metadata in both erspan_xmit()
    and ip6erspan_tunnel_xmit().

    Fixes: 1a66a836da ("gre: add collect_md mode to ERSPAN tunnel")
    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

01 Oct, 2019

1 commit

  • 0e141f757   erspan: remove the incorrect mtu limit for erspan ... Browse Code »

    erspan driver calls ether_setup(), after commit 61e84623ace3
    ("net: centralize net_device min/max MTU checking"), the range
    of mtu is [min_mtu, max_mtu], which is [68, 1500] by default.

    It causes the dev mtu of the erspan device to not be greater
    than 1500, this limit value is not correct for ipgre tap device.

    Tested:
    Before patch:
    # ip link set erspan0 mtu 1600
    Error: mtu greater than device maximum.
    After patch:
    # ip link set erspan0 mtu 1600
    # ip -d link show erspan0
    21: erspan0@NONE: mtu 1600 qdisc noop state DOWN
    mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0

    Fixes: 61e84623ace3 ("net: centralize net_device min/max MTU checking")
    Signed-off-by: Haishuang Yan
    Signed-off-by: David S. Miller

    Haishuang Yan
     

31 May, 2019

1 commit

  • 2874c5fd2   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 ... Browse Code »

    Based on 1 normalized pattern(s):

    this program is free software you can redistribute it and or modify
    it under the terms of the gnu general public license as published by
    the free software foundation either version 2 of the license or at
    your option any later version

    extracted by the scancode license scanner the SPDX license identifier

    GPL-2.0-or-later

    has been chosen to replace the boilerplate/reference in 3029 file(s).

    Signed-off-by: Thomas Gleixner
    Reviewed-by: Allison Randal
    Cc: linux-spdx@vger.kernel.org
    Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
    Signed-off-by: Greg Kroah-Hartman

    Thomas Gleixner
     

09 Apr, 2019

1 commit

  • 492b67e28   net: ip_gre: fix possible use-after-free in erspan_rcv ... Browse Code »

    erspan tunnels run __iptunnel_pull_header on received skbs to remove
    gre and erspan headers. This can determine a possible use-after-free
    accessing pkt_md pointer in erspan_rcv since the packet will be 'uncloned'
    running pskb_expand_head if it is a cloned gso skb (e.g if the packet has
    been sent though a veth device). Fix it resetting pkt_md pointer after
    __iptunnel_pull_header

    Fixes: 1d7e2ed22f8d ("net: erspan: refactor existing erspan code")
    Signed-off-by: Lorenzo Bianconi
    Signed-off-by: David S. Miller

    Lorenzo Bianconi
     

28 Feb, 2019

1 commit

  • 24ba14406   route: Add multipath_hash in flowi_common to make user-define hash ... Browse Code »

    Current fib_multipath_hash_policy can make hash based on the L3 or
    L4. But it only work on the outer IP. So a specific tunnel always
    has the same hash value. But a specific tunnel may contain so many
    inner connections.

    This patch provide a generic multipath_hash in floi_common. It can
    make a user-define hash which can mix with L3 or L4 hash.

    Signed-off-by: wenxu
    Signed-off-by: David S. Miller

    wenxu
     

25 Feb, 2019

1 commit

  • 70f352261   Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net ... Browse Code »

    Three conflicts, one of which, for marvell10g.c is non-trivial and
    requires some follow-up from Heiner or someone else.

    The issue is that Heiner converted the marvell10g driver over to
    use the generic c45 code as much as possible.

    However, in 'net' a bug fix appeared which makes sure that a new
    local mask (MDIO_AN_10GBT_CTRL_ADV_NBT_MASK) with value 0x01e0
    is cleared.

    Signed-off-by: David S. Miller

    David S. Miller
     

22 Feb, 2019

1 commit

  • 2bdf700e5   net: ip_gre: do not report erspan_ver for gre or gretap ... Browse Code »

    Report erspan version field to userspace in ipgre_fill_info just for
    erspan tunnels. The issue can be triggered with the following reproducer:

    $ip link add name gre1 type gre local 192.168.0.1 remote 192.168.1.1
    $ip link set dev gre1 up
    $ip -d link sh gre1
    13: gre1@NONE: mtu 1476 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/gre 192.168.0.1 peer 192.168.1.1 promiscuity 0 minmtu 0 maxmtu 0
    gre remote 192.168.1.1 local 192.168.0.1 ttl inherit erspan_ver 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1

    Fixes: f551c91de262 ("net: erspan: introduce erspan v2 for ip_gre")
    Signed-off-by: Lorenzo Bianconi
    Signed-off-by: David S. Miller

    Lorenzo Bianconi
     

09 Feb, 2019

1 commit

31 Jan, 2019

1 commit

  • feaf5c796   net: ip_gre: always reports o_key to userspace ... Browse Code »

    Erspan protocol (version 1 and 2) relies on o_key to configure
    session id header field. However TUNNEL_KEY bit is cleared in
    erspan_xmit since ERSPAN protocol does not set the key field
    of the external GRE header and so the configured o_key is not reported
    to userspace. The issue can be triggered with the following reproducer:

    $ip link add erspan1 type erspan local 192.168.0.1 remote 192.168.0.2 \
    key 1 seq erspan_ver 1
    $ip link set erspan1 up
    $ip -d link sh erspan1

    erspan1@NONE: mtu 1450 qdisc pfifo_fast state UNKNOWN mode DEFAULT
    link/ether 52:aa:99:95:9a:b5 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500
    erspan remote 192.168.0.2 local 192.168.0.1 ttl inherit ikey 0.0.0.1 iseq oseq erspan_index 0

    Fix the issue adding TUNNEL_KEY bit to the o_flags parameter in
    ipgre_fill_info

    Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN")
    Signed-off-by: Lorenzo Bianconi
    Signed-off-by: David S. Miller

    Lorenzo Bianconi
     

28 Jan, 2019

1 commit

27 Jan, 2019

1 commit

23 Jan, 2019

1 commit

  • cb73ee40b   net: ip_gre: use erspan key field for tunnel lookup ... Browse Code »

    Use ERSPAN key header field as tunnel key in gre_parse_header routine
    since ERSPAN protocol sets the key field of the external GRE header to
    0 resulting in a tunnel lookup fail in ip6gre_err.
    In addition remove key field parsing and pskb_may_pull check in
    erspan_rcv and ip6erspan_rcv

    Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
    Signed-off-by: Lorenzo Bianconi
    Signed-off-by: David S. Miller

    Lorenzo Bianconi
     

17 Jan, 2019

1 commit

  • 20704bd16   erspan: build the header with the right proto according to erspan_ver ... Browse Code »

    As said in draft-foschiano-erspan-03#section4:

    Different frame variants known as "ERSPAN Types" can be
    distinguished based on the GRE "Protocol Type" field value: Type I
    and II's value is 0x88BE while Type III's is 0x22EB [ETYPES].

    So set it properly in erspan_xmit() according to erspan_ver. While at
    it, also remove the unused parameter 'proto' in erspan_fb_xmit().

    Fixes: 94d7d8f29287 ("ip6_gre: add erspan v2 support")
    Reported-by: Jianlin Shi
    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

02 Jan, 2019

1 commit

  • cb9f1b783   ip: validate header length on virtual device xmit ... Browse Code »

    KMSAN detected read beyond end of buffer in vti and sit devices when
    passing truncated packets with PF_PACKET. The issue affects additional
    ip tunnel devices.

    Extend commit 76c0ddd8c3a6 ("ip6_tunnel: be careful when accessing the
    inner header") and commit ccfec9e5cb2d ("ip_tunnel: be careful when
    accessing the inner header").

    Move the check to a separate helper and call at the start of each
    ndo_start_xmit function in net/ipv4 and net/ipv6.

    Minor changes:
    - convert dev_kfree_skb to kfree_skb on error path,
    as dev_kfree_skb calls consume_skb which is not for error paths.
    - use pskb_network_may_pull even though that is pedantic here,
    as the same as pskb_may_pull for devices without llheaders.
    - do not cache ipv6 hdrs if used only once
    (unsafe across pskb_may_pull, was more relevant to earlier patch)

    Reported-by: syzbot
    Signed-off-by: Willem de Bruijn
    Signed-off-by: David S. Miller

    Willem de Bruijn
     

11 Dec, 2018

1 commit

  • 0621e6fc5   net: Add netif_is_gretap()/netif_is_ip6gretap() ... Browse Code »

    Changed the is_gretap_dev and is_ip6gretap_dev logic from structure
    comparison to string comparison of the rtnl_link_ops kind field.

    This approach aligns with the current identification methods and function
    names of vxlan and geneve network devices.

    Convert mlxsw to use these helpers and use them in downstream mlx5 patch.

    Signed-off-by: Oz Shlomo
    Reviewed-by: Eli Britstein
    Reviewed-by: Ido Schimmel
    Signed-off-by: Saeed Mahameed

    Oz Shlomo
     

09 Nov, 2018

1 commit

  • 32bbd8793   net: Convert protocol error handlers from void to int ... Browse Code »

    We'll need this to handle ICMP errors for tunnels without a sending socket
    (i.e. FoU and GUE). There, we might have to look up different types of IP
    tunnels, registered as network protocols, before we get a match, so we
    want this for the error handlers of IPPROTO_IPIP and IPPROTO_IPV6 in both
    inet_protos and inet6_protos. These error codes will be used in the next
    patch.

    For consistency, return sensible error codes in protocol error handlers
    whenever handlers can't handle errors because, even if valid, they don't
    match a protocol or any of its states.

    This has no effect on existing error handling paths.

    Signed-off-by: Stefano Brivio
    Reviewed-by: Sabrina Dubroca
    Signed-off-by: David S. Miller

    Stefano Brivio
     

07 Nov, 2018

1 commit

27 Sep, 2018

2 commits

17 Sep, 2018

1 commit

  • b0350d51f   ip_gre: fix parsing gre header in ipgre_err ... Browse Code »

    gre_parse_header stops parsing when csum_err is encountered, which means
    tpi->key is undefined and ip_tunnel_lookup will return NULL improperly.

    This patch introduce a NULL pointer as csum_err parameter. Even when
    csum_err is encountered, it won't return error and continue parsing gre
    header as expected.

    Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.")
    Reported-by: Jiri Benc
    Signed-off-by: Haishuang Yan
    Signed-off-by: David S. Miller

    Haishuang Yan
     

12 Sep, 2018

2 commits

28 Aug, 2018

1 commit

  • 84581bdae   erspan: set erspan_ver to 1 by default when adding an erspan dev ... Browse Code »

    After erspan_ver is introudced, if erspan_ver is not set in iproute, its
    value will be left 0 by default. Since Commit 02f99df1875c ("erspan: fix
    invalid erspan version."), it has broken the traffic due to the version
    check in erspan_xmit if users are not aware of 'erspan_ver' param, like
    using an old version of iproute.

    To fix this compatibility problem, it sets erspan_ver to 1 by default
    when adding an erspan dev in erspan_setup. Note that we can't do it in
    ipgre_netlink_parms, as this function is also used by ipgre_changelink.

    Fixes: 02f99df1875c ("erspan: fix invalid erspan version.")
    Reported-by: Jianlin Shi
    Signed-off-by: Xin Long
    Signed-off-by: David S. Miller

    Xin Long
     

02 Aug, 2018

1 commit

29 Jun, 2018

1 commit

  • 256c87c17   net: check tunnel option type in tunnel flags ... Browse Code »

    Check the tunnel option type stored in tunnel flags when creating options
    for tunnels. Thereby ensuring we do not set geneve, vxlan or erspan tunnel
    options on interfaces that are not associated with them.

    Make sure all users of the infrastructure set correct flags, for the BPF
    helper we have to set all bits to keep backward compatibility.

    Signed-off-by: Pieter Jansen van Vuuren
    Signed-off-by: Jakub Kicinski
    Signed-off-by: David S. Miller

    Pieter Jansen van Vuuren
     

22 May, 2018

1 commit

  • 6f6e434aa   Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net ... Browse Code »

    S390 bpf_jit.S is removed in net-next and had changes in 'net',
    since that code isn't used any more take the removal.

    TLS data structures split the TX and RX components in 'net-next',
    put the new struct members from the bug fix in 'net' into the RX
    part.

    The 'net-next' tree had some reworking of how the ERSPAN code works in
    the GRE tunneling code, overlapping with a one-line headroom
    calculation fix in 'net'.

    Overlapping changes in __sock_map_ctx_update_elem(), keep the bits
    that read the prog members via READ_ONCE() into local variables
    before using them.

    Signed-off-by: David S. Miller

    David S. Miller
     

18 May, 2018

1 commit

  • 02f99df18   erspan: fix invalid erspan version. ... Browse Code »

    ERSPAN only support version 1 and 2. When packets send to an
    erspan device which does not have proper version number set,
    drop the packet. In real case, we observe multicast packets
    sent to the erspan pernet device, erspan0, which does not have
    erspan version configured.

    Reported-by: Greg Rose
    Signed-off-by: William Tu
    Signed-off-by: David S. Miller

    William Tu
     

12 May, 2018

1 commit

  • d5db21a3e   erspan: auto detect truncated ipv6 packets. ... Browse Code »

    Currently the truncated bit is set only when 1) the mirrored packet
    is larger than mtu and 2) the ipv4 packet tot_len is larger than
    the actual skb->len. This patch adds another case for detecting
    whether ipv6 packet is truncated or not, by checking the ipv6 header
    payload_len and the skb->len.

    Reported-by: Xiaoyan Jin
    Signed-off-by: William Tu
    Signed-off-by: David S. Miller

    William Tu
     

30 Apr, 2018

1 commit

  • 1baf5ebf8   erspan: auto detect truncated packets. ... Browse Code »

    Currently the truncated bit is set only when the mirrored packet
    is larger than mtu. For certain cases, the packet might already
    been truncated before sending to the erspan tunnel. In this case,
    the patch detect whether the IP header's total length is larger
    than the actual skb->len. If true, this indicated that the
    mirrored packet is truncated and set the erspan truncate bit.

    I tested the patch using bpf_skb_change_tail helper function to
    shrink the packet size and send to erspan tunnel.

    Reported-by: Xiaoyan Jin
    Signed-off-by: William Tu
    Signed-off-by: David S. Miller

    William Tu
     

10 Apr, 2018

1 commit

  • 1cc5954f4   ip_gre: clear feature flags when incompatible o_flags are set ... Browse Code »

    Commit dd9d598c6657 ("ip_gre: add the support for i/o_flags update via
    netlink") added the ability to change o_flags, but missed that the
    GSO/LLTX features are disabled by default, and only enabled some gre
    features are unused. Thus we also need to disable the GSO/LLTX features
    on the device when the TUNNEL_SEQ or TUNNEL_CSUM flags are set.

    These two examples should result in the same features being set:

    ip link add gre_none type gre local 192.168.0.10 remote 192.168.0.20 ttl 255 key 0

    ip link set gre_none type gre seq
    ip link add gre_seq type gre local 192.168.0.10 remote 192.168.0.20 ttl 255 key 1 seq

    Fixes: dd9d598c6657 ("ip_gre: add the support for i/o_flags update via netlink")
    Signed-off-by: Sabrina Dubroca
    Reviewed-by: Xin Long
    Acked-by: William Tu
    Signed-off-by: David S. Miller

    Sabrina Dubroca
     

28 Mar, 2018

1 commit

23 Mar, 2018

1 commit

  • 157463941   gre: fix TUNNEL_SEQ bit check on sequence numbering ... Browse Code »

    The current logic of flags | TUNNEL_SEQ is always non-zero and hence
    sequence numbers are always incremented no matter the setting of the
    TUNNEL_SEQ bit. Fix this by using & instead of |.

    Detected by CoverityScan, CID#1466039 ("Operands don't affect result")

    Fixes: 77a5196a804e ("gre: add sequence number for collect md mode.")
    Signed-off-by: Colin Ian King
    Acked-by: William Tu
    Signed-off-by: David S. Miller

    Colin Ian King