Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp8121824imu; Tue, 4 Dec 2018 03:22:42 -0800 (PST) X-Google-Smtp-Source: AFSGD/VLRnI/TgYll7ElLbQuZ+pT3At5DIzFWxKJWnSU0IWnMz8IWmUBehrb7RMUPH62Qu5P3xpv X-Received: by 2002:a17:902:848d:: with SMTP id c13mr19812732plo.257.1543922562675; Tue, 04 Dec 2018 03:22:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543922562; cv=none; d=google.com; s=arc-20160816; b=kin1qPTT0eHFfnt8yUTcXhmrOJis0XborwjJqscGjv7O+A1m1WdqINQxV6ylOng8ti FphgSjnvnDhK3GHq0A4ZTL4nGOf0g7tgiSb1K+tvX6cKIApsUqVGqSZxYO8PZh+V9j9X 2dOzzhGekkj/Eb63quO281msSoXEmOYCbbHTX8vQoNN1wI70ic99zySoyY2DLLdBA0Ct E/TfLAn1IiL4/gie5j78y0Us5taD4sfhNtNsDJFjeTIAQvg5Ge/6wsIxtHNLMi0tX6OD Az86x752hnXRy+EkbqFt575hbT/IJzMp53/FBTzFRs4fPKLFpzOmth3Bka+6Ntjea3uI wg2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9HnKvNwrXK4XD570ht5iKG4SAgBKVH+ME2mUgyEZcRE=; b=bZL3bq32gnn/cXsIB8K3J4yOrxjR9HzeBTSzDI9Gs9m75gDtjoYm4UHtWIC7PXy0kL yeKBZ0CJVh7LFhZoyoO9K+ihXsfFlgLE1udXDpvfp+HgaXtiGFucjLLEs2IAO3i6abhk RA6F2tmfmOxngoanrkoZ3XeRgDHgWc/WPieCSu2FBlPW+DV4xwZx3OIYITJgvB6ZNKcK 0oWYdCroTNqk5jXA/3/7Lq28BMGEVmx/81YnnJ4zXnYRzIQwckrcKKa5arH/drIdS4Q7 5mYVFWGYoLZ1e09JreS4IRV7DEdGZnw+jMlVw9op4AyoIqVxBWhni/MiE21wcH0S8O3Y wkhw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=CYv5O1wm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w7si18007707pfw.200.2018.12.04.03.22.27; Tue, 04 Dec 2018 03:22:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=CYv5O1wm; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727948AbeLDLUZ (ORCPT + 99 others); Tue, 4 Dec 2018 06:20:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:50030 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727455AbeLDLDb (ORCPT ); Tue, 4 Dec 2018 06:03:31 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9B9AE2087F; Tue, 4 Dec 2018 11:03:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1543921410; bh=X1zK1qSxNZ8h4U7RIMLIGIr+XQ+2/cK5szhiPsHkC9M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CYv5O1wm6KcXhZtah5SHQVPaqjXs4iVoxFu0lNMMdKuhN3Q5Fxt4oSScjbN2798Yg MJ1lSrBsss7Dv75xLngRDxEo4JWwJc7uJqnInuaGSpmMpA57TURboBxVwSa08+/C0k GH4DHCBvKqxMB2cvM6+fjB4dYQqsfKPPv5Yr5xRw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Petr Machata , Ido Schimmel , Jiri Pirko , "David S. Miller" Subject: [PATCH 4.14 059/146] net: skb_scrub_packet(): Scrub offload_fwd_mark Date: Tue, 4 Dec 2018 11:49:05 +0100 Message-Id: <20181204103729.214402485@linuxfoundation.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181204103726.750894136@linuxfoundation.org> References: <20181204103726.750894136@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Petr Machata [ Upstream commit b5dd186d10ba59e6b5ba60e42b3b083df56df6f3 ] When a packet is trapped and the corresponding SKB marked as already-forwarded, it retains this marking even after it is forwarded across veth links into another bridge. There, since it ingresses the bridge over veth, which doesn't have offload_fwd_mark, it triggers a warning in nbp_switchdev_frame_mark(). Then nbp_switchdev_allowed_egress() decides not to allow egress from this bridge through another veth, because the SKB is already marked, and the mark (of 0) of course matches. Thus the packet is incorrectly blocked. Solve by resetting offload_fwd_mark() in skb_scrub_packet(). That function is called from tunnels and also from veth, and thus catches the cases where traffic is forwarded between bridges and transformed in a way that invalidates the marking. Fixes: 6bc506b4fb06 ("bridge: switchdev: Add forward mark support for stacked devices") Fixes: abf4bb6b63d0 ("skbuff: Add the offload_mr_fwd_mark field") Signed-off-by: Petr Machata Suggested-by: Ido Schimmel Acked-by: Jiri Pirko Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/skbuff.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -4882,6 +4882,10 @@ void skb_scrub_packet(struct sk_buff *sk nf_reset(skb); nf_reset_trace(skb); +#ifdef CONFIG_NET_SWITCHDEV + skb->offload_fwd_mark = 0; +#endif + if (!xnet) return;