Received: by 10.213.65.68 with SMTP id h4csp1810906imn;
        Thu, 29 Mar 2018 11:28:01 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49G6jOXP1a6KsHsuB5lYZ0r/MqFFYvxUC329tu3UWADN487O4Ghg5xZpb+ktgdKq9GVwx3a
X-Received: by 2002:a17:902:b088:: with SMTP id p8-v6mr9402458plr.235.1522348081093;
        Thu, 29 Mar 2018 11:28:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522348081; cv=none;
        d=google.com; s=arc-20160816;
        b=gDVCN5W1oc8QwKtesnIH0deu845MvKPDTW4MgQ88gzs48T160R+UKO6f5lbRB0cz2y
         q9gsYnLdNYF+60tUtBq9SFW/K2yzPs7BSAgKf+mLh2ShgmUDD2Xg8bcBvUFnzmuGOx9n
         bfnheOZG2m5OuIDG+fVRrANHLybaWvei0OZwzQfPRAoQWiRTMAgc1kPQ6dAhtOB/hQw2
         DNV6QMRVI8NrCkEAv2coHIQj3FSK/mjRtUSKmCX1gui+/kyPvuQb0/+i9EIC8XK6V5la
         nN+CAhFQAHLQNck0gYxmcJ6KfNYtPy7SLL2nBGrnDhtVWglw1JF5AU7xS/4lYylxMbS7
         zROw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=g53IMIwZKHRvtC59iKLQZ8f3q+igmjvmeVNeDN4USW0=;
        b=n7FgYGMW/P/CiEuo/ZqtFFTsbdwA0PJQGjGeKrzqBZlXbYwstknmb7qarQHkR510wZ
         WHYuh9OTSoRN4GfBMK8XEIQ7hIG0wYvWLgOKd+SWNOav8KwyAE0Xpf/aZc196xhqA9bR
         mmlDNa576P3Ie1V5XFG8P6cqjtLg28aKmhn39SZnsT1J57hcqfEjf0MuQnV1oLbUR0kQ
         vU44NZ7amy01x7gpBzylfb1/iLy2kJTY+/86YUnnNA/v0Kyv1si9ju5m5uehuafiOzwS
         bd8lHduy+71Kc9/Lt6/oi+pmDTBEq0z0XHr9gmwR0XEtocVCNTbIz3LctHgq2PSXSX1t
         3L2w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w128si4327727pgb.460.2018.03.29.11.27.46;
        Thu, 29 Mar 2018 11:28:01 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753422AbeC2S0m (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Thu, 29 Mar 2018 14:26:42 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:58910 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753313AbeC2SEw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Mar 2018 14:04:52 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 98EBDCAA;
        Thu, 29 Mar 2018 18:04:51 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Alexey Kodanev <alexey.kodanev@oracle.com>,
        Shannon Nelson <shannon.nelson@oracle.com>,
        "David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.14 07/43] macvlan: filter out unsupported feature flags
Date:   Thu, 29 Mar 2018 20:00:02 +0200
Message-Id: <20180329175730.856662053@linuxfoundation.org>
X-Mailer: git-send-email 2.16.3
In-Reply-To: <20180329175730.190353692@linuxfoundation.org>
References: <20180329175730.190353692@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Shannon Nelson <shannon.nelson@oracle.com>


[ Upstream commit 13fbcc8dc573482dd3f27568257fd7087f8935f4 ]

Adding a macvlan device on top of a lowerdev that supports
the xfrm offloads fails with a new regression:
  # ip link add link ens1f0 mv0 type macvlan
  RTNETLINK answers: Operation not permitted

Tracing down the failure shows that the macvlan device inherits
the NETIF_F_HW_ESP and NETIF_F_HW_ESP_TX_CSUM feature flags
from the lowerdev, but with no dev->xfrmdev_ops API filled
in, it doesn't actually support xfrm.  When the request is
made to add the new macvlan device, the XFRM listener for
NETDEV_REGISTER calls xfrm_api_check() which fails the new
registration because dev->xfrmdev_ops is NULL.

The macvlan creation succeeds when we filter out the ESP
feature flags in macvlan_fix_features(), so let's filter them
out like we're already filtering out ~NETIF_F_NETNS_LOCAL.
When XFRM support is added in the future, we can add the flags
into MACVLAN_FEATURES.

This same problem could crop up in the future with any other
new feature flags, so let's filter out any flags that aren't
defined as supported in macvlan.

Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API")
Reported-by: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: Shannon Nelson <shannon.nelson@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/macvlan.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -1037,7 +1037,7 @@ static netdev_features_t macvlan_fix_fea
 	lowerdev_features &= (features | ~NETIF_F_LRO);
 	features = netdev_increment_features(lowerdev_features, features, mask);
 	features |= ALWAYS_ON_FEATURES;
-	features &= ~NETIF_F_NETNS_LOCAL;
+	features &= (ALWAYS_ON_FEATURES | MACVLAN_FEATURES);
 
 	return features;
 }