Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp2821433ybc; Wed, 20 Nov 2019 21:58:11 -0800 (PST) X-Google-Smtp-Source: APXvYqyHKZfxMg8PL9uDxbRiwpNuim2C0B37iuBYhqjZXRlnc74cCoBsvFdJi6wIAO0ojD3Lah42 X-Received: by 2002:a17:906:3490:: with SMTP id g16mr11479609ejb.189.1574315891133; Wed, 20 Nov 2019 21:58:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574315891; cv=none; d=google.com; s=arc-20160816; b=s33eF5Yb/sfYI8uivZ1geGvJgrMvkRdoA54ASiC9fW8zDPB3UE+VANLZ5Ufdp0jT8G S9W3Wo1lxJpzVr4fx9p5UcrWX7j78oa+HUxBLp2kejCaCDRK+ohHK0Z6RxJK+NavvLWb uLDJRAvx/9X2Y4jHzPRaVnpLRUPfJSQ+OAAlsw0s7f8D0Vu6N1JxUs2gmGyFzwm0SgJP PocCRbV4ThShMUNDe3Cy2tx863t4hFkaUTQktmwP3AKRrZMl3JK9fqVrHsWI2/xroeS7 xRQ90JP/PqEmSWbJOsoRtgivm9u1tVWf71fg//V5MlzDiQ3CqVcHy42+hEC/gK27kIAi Bswg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=6F06p/lRcPLbRWs2fX0dh6VKK9YWvQezc2xLvnreQH8=; b=mhedZsXnUmdbAIfj595HJ69+xqixHdDHRoB6uclDfKxAuA2J8qY021MvsAHxRB2ElB ZahTMch0PuX+2iz60Nx3FiKqrQ3OFop8BpjAKHJhooYFJYYFcM1thDy0O5juTFvsylfB g1PJ+IRV6deACaBDRNmIXTQjirlN+XOfVgZ1JWVV9ePeDfvR5WONcJwtBT2FnddG9wNt Jscz3Jef5NCDyLN8nOyUe7JHmvy35c5rcquw20Zp76Lu+6mRc/6CZ1tzJvrkrTZ+uRJG AbLNJpOJ17CiqGnwPQVz0MFclW3RpglDtgJE6gJ7OGvZsgz8YOtKlpKrCkH1EyJmrZl5 MnMQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f21si822038ede.253.2019.11.20.21.57.47; Wed, 20 Nov 2019 21:58:11 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726554AbfKUF4i (ORCPT + 99 others); Thu, 21 Nov 2019 00:56:38 -0500 Received: from Chamillionaire.breakpoint.cc ([193.142.43.52]:51660 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725842AbfKUF4i (ORCPT ); Thu, 21 Nov 2019 00:56:38 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1iXfSF-000228-UL; Thu, 21 Nov 2019 06:56:36 +0100 From: Florian Westphal To: Cc: linux-kernel@vger.kernel.org, Florian Westphal , Paolo Abeni , Byron Stanoszek Subject: [PATCH net] udp: drop skb extensions before marking skb stateless Date: Thu, 21 Nov 2019 06:56:23 +0100 Message-Id: <20191121055623.20952-1-fw@strlen.de> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191121053031.GI20235@breakpoint.cc> References: <20191121053031.GI20235@breakpoint.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Once udp stack has set the UDP_SKB_IS_STATELESS flag, later skb free assumes all skb head state has been dropped already. This will leak the extension memory in case the skb has extensions other than the ipsec secpath, e.g. bridge nf data. To fix this, set the UDP_SKB_IS_STATELESS flag only if we don't have extensions or if the extension space can be free'd. Fixes: 895b5c9f206eb7d25dc1360a ("netfilter: drop bridge nf reset from nf_reset") Cc: Paolo Abeni Reported-by: Byron Stanoszek Signed-off-by: Florian Westphal --- include/linux/skbuff.h | 6 ++++++ net/ipv4/udp.c | 27 ++++++++++++++++++++++----- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 64a395c7f689..8688f7adfda7 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -4169,12 +4169,18 @@ static inline void skb_ext_reset(struct sk_buff *skb) skb->active_extensions = 0; } } + +static inline bool skb_has_extensions(struct sk_buff *skb) +{ + return unlikely(skb->active_extensions); +} #else static inline void skb_ext_put(struct sk_buff *skb) {} static inline void skb_ext_reset(struct sk_buff *skb) {} static inline void skb_ext_del(struct sk_buff *skb, int unused) {} static inline void __skb_ext_copy(struct sk_buff *d, const struct sk_buff *s) {} static inline void skb_ext_copy(struct sk_buff *dst, const struct sk_buff *s) {} +static inline bool skb_has_extensions(struct sk_buff *skb) { return false; } #endif /* CONFIG_SKB_EXTENSIONS */ static inline void nf_reset_ct(struct sk_buff *skb) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 1d58ce829dca..447defbfccdd 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1297,6 +1297,27 @@ int udp_sendpage(struct sock *sk, struct page *page, int offset, #define UDP_SKB_IS_STATELESS 0x80000000 +/* all head states (dst, sk, nf conntrack) except skb extensions are + * cleared by udp_rcv(). + * + * We need to preserve secpath, if present, to eventually process + * IP_CMSG_PASSSEC at recvmsg() time. + * + * Other extensions can be cleared. + */ +static bool udp_try_make_stateless(struct sk_buff *skb) +{ + if (!skb_has_extensions(skb)) + return true; + + if (!secpath_exists(skb)) { + skb_ext_reset(skb); + return true; + } + + return false; +} + static void udp_set_dev_scratch(struct sk_buff *skb) { struct udp_dev_scratch *scratch = udp_skb_scratch(skb); @@ -1308,11 +1329,7 @@ static void udp_set_dev_scratch(struct sk_buff *skb) scratch->csum_unnecessary = !!skb_csum_unnecessary(skb); scratch->is_linear = !skb_is_nonlinear(skb); #endif - /* all head states execept sp (dst, sk, nf) are always cleared by - * udp_rcv() and we need to preserve secpath, if present, to eventually - * process IP_CMSG_PASSSEC at recvmsg() time - */ - if (likely(!skb_sec_path(skb))) + if (udp_try_make_stateless(skb)) scratch->_tsize_state |= UDP_SKB_IS_STATELESS; } -- 2.23.0