Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8109927imu; Tue, 4 Dec 2018 03:10:12 -0800 (PST) X-Google-Smtp-Source: AFSGD/U5NahyC+i8LNvSPuWWbjZc86vz55D+kfhXt0iClNOyLb6Tnv8upzCiDUdTHphn8VsXpITt X-Received: by 2002:a63:c141:: with SMTP id p1mr16364476pgi.424.1543921812759; Tue, 04 Dec 2018 03:10:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543921812; cv=none; d=google.com; s=arc-20160816; b=Eg4cQm5EtRKG86K96ADEuHRyOkr4i2Syaep1w1pP4DEHKxCfYbHiiUvl9Xy0L2fndq LafYbFiV3iRrHCDJNb3ndjiN1rQoEkqRADxs3x7TtoVw1DDooerRtbzdds3t94b8cu2D naLMZfh179RtNP28OhQnhoNIbBVhdRRCyPFPMuwoxcLFSCAPJ7b9qCCkkpYioQjFQXnq TrNM2lxYvqVl/jmcnLnCuXoB3i9LnNXa6dnDddShCsuFIynULzE6AGP1CGsHDHaPyad2 FWmO4iGTws1rto2EB05LcyqL+5TYeg1dlQvf35ZDld7dYlP09ZulLtPqa7HZedmVtAQM 78Yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=asl9RTuady3JzCY53744a6RSPNGlCwLEe1TLADRwnZU=; b=eifxwB991c78T0/H3Hy5CJdKh3dHCViC2M3HuvxMnkycOwYs7iw5z1AuGroWuuDPlf JsaJ1/r5X1FUXbyxUeq+eeyHastc3t7WwpFqXsJ0GmwW/EJXKjUtY48qyU/iNhVLvgYs IoJilgx8Ny6G8cmkHpVp+4LKmaXDY+IEpcFsIPug1GNzBxyY0TltqrIJ4ZB2WmLzkhpx BJX0uQkB8ZxPqJJR50QnIirFu1r2fRve+4TV3BDcvLIQnU4lKC6psneDBmGrIA0wc9Dl Ap2NJINH9CKLzM0BtQDtqeA9mLwhPsgQbVp6Wkd5U02lMHEVjMK72S0I3NWwUUVkm7BR z/rA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cU2tpS9I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d9si14752310pgv.123.2018.12.04.03.09.58; Tue, 04 Dec 2018 03:10:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cU2tpS9I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728543AbeLDLH7 (ORCPT + 99 others); Tue, 4 Dec 2018 06:07:59 -0500 Received: from mail.kernel.org ([198.145.29.99]:57086 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728522AbeLDLHv (ORCPT ); Tue, 4 Dec 2018 06:07:51 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CC5532082D; Tue, 4 Dec 2018 11:07:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543921671; bh=9jhr7AjYEGcczdUstgSdb5emNLD/xAm4p0ybQcTn61k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cU2tpS9IbGj1PSP/qPSWU6qH4wDL9H0m2RHGpanjxTwLvnNl3iq1tPiz+FAlOTglx Ix7z4LIbjmNZXSs8dVjcSVT6KqHpju7mQPdfQCxHbFI5r+D2M1qYhFassjjjoLW/n4 g00SqCxZHqwydlB0T9Lr6ypeFQV+K533DiQdYwvw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Petr Machata , Ido Schimmel , Jiri Pirko , "David S. Miller" Subject: [PATCH 4.9 15/50] net: skb_scrub_packet(): Scrub offload_fwd_mark Date: Tue, 4 Dec 2018 11:50:10 +0100 Message-Id: <20181204103715.296544268@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181204103714.485546262@linuxfoundation.org> References: <20181204103714.485546262@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Petr Machata [ Upstream commit b5dd186d10ba59e6b5ba60e42b3b083df56df6f3 ] When a packet is trapped and the corresponding SKB marked as already-forwarded, it retains this marking even after it is forwarded across veth links into another bridge. There, since it ingresses the bridge over veth, which doesn't have offload_fwd_mark, it triggers a warning in nbp_switchdev_frame_mark(). Then nbp_switchdev_allowed_egress() decides not to allow egress from this bridge through another veth, because the SKB is already marked, and the mark (of 0) of course matches. Thus the packet is incorrectly blocked. Solve by resetting offload_fwd_mark() in skb_scrub_packet(). That function is called from tunnels and also from veth, and thus catches the cases where traffic is forwarded between bridges and transformed in a way that invalidates the marking. Fixes: 6bc506b4fb06 ("bridge: switchdev: Add forward mark support for stacked devices") Fixes: abf4bb6b63d0 ("skbuff: Add the offload_mr_fwd_mark field") Signed-off-by: Petr Machata Suggested-by: Ido Schimmel Acked-by: Jiri Pirko Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/skbuff.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -4421,6 +4421,10 @@ void skb_scrub_packet(struct sk_buff *sk nf_reset(skb); nf_reset_trace(skb); +#ifdef CONFIG_NET_SWITCHDEV + skb->offload_fwd_mark = 0; +#endif + if (!xnet) return;