From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Shmulik Ladkani, Jamal Hadi Salim, "David S. Miller"
Subject: [PATCH 5.4 151/191] net/sched: act_mirred: Pull mac prior redir to non mac_header_xmit device
Date: Thu, 2 Jan 2020 23:07:13 +0100
Message-Id: <20200102215845.650407157@linuxfoundation.org>
In-Reply-To: <20200102215829.911231638@linuxfoundation.org>

From: Shmulik Ladkani

[ Upstream commit 70cf3dc7313207816255b9acb0dffb19dae78144 ]

There's no skb_pull performed when a mirred action is set at egress of a
mac device, with a target device/action that expects skb->data to point
at the network header.

As a result, either the target device is erroneously given an skb with
data pointing to the mac (egress case), or the net stack receives the
skb with data pointing to the mac (ingress case).

E.g:
 # tc qdisc add dev eth9 root handle 1: prio
 # tc filter add dev eth9 parent 1: prio 9 protocol ip handle 9 basic \
   action mirred egress redirect dev tun0

(tun0 is a tun device. result: tun0 erroneously gets the eth header
 instead of the iph)

Revise the push/pull logic of tcf_mirred_act() to not rely on the
skb_at_tc_ingress() vs tcf_mirred_act_wants_ingress() comparison, as it
does not cover all "pull" cases.

Instead, calculate whether the required action on the target device
requires the data to point at the network header, and compare this to
whether skb->data points to network header - and make the push/pull
adjustments as necessary.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Shmulik Ladkani
Tested-by: Jamal Hadi Salim
Acked-by: Jamal Hadi Salim
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman --- net/sched/act_mirred.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -219,8 +219,10 @@ static int tcf_mirred_act(struct sk_buff bool use_reinsert; bool want_ingress; bool is_redirect; + bool expects_nh; int m_eaction; int mac_len; + bool at_nh; rec_level = __this_cpu_inc_return(mirred_rec_level); if (unlikely(rec_level > MIRRED_RECURSION_LIMIT)) { @@ -261,19 +263,19 @@ static int tcf_mirred_act(struct sk_buff goto out; } - /* If action's target direction differs than filter's direction, - * and devices expect a mac header on xmit, then mac push/pull is - * needed. - */ want_ingress = tcf_mirred_act_wants_ingress(m_eaction); - if (skb_at_tc_ingress(skb) != want_ingress && m_mac_header_xmit) { - if (!skb_at_tc_ingress(skb)) { - /* caught at egress, act ingress: pull mac */ - mac_len = skb_network_header(skb) - skb_mac_header(skb); + + expects_nh = want_ingress || !m_mac_header_xmit; + at_nh = skb->data == skb_network_header(skb); + if (at_nh != expects_nh) { + mac_len = skb_at_tc_ingress(skb) ? skb->mac_len : + skb_network_header(skb) - skb_mac_header(skb); + if (expects_nh) { + /* target device/action expect data at nh */ skb_pull_rcsum(skb2, mac_len); } else { - /* caught at ingress, act egress: push mac */ - skb_push_rcsum(skb2, skb->mac_len); + /* target device/action expect data at mac */ + skb_push_rcsum(skb2, mac_len); } }
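
Review bot: In the first hunk (declarations at @@ -219,8 +219,10 @@), `bool expects_nh;` and `bool at_nh;` abbreviate "network header" without saying so, while the neighbouring flags (`want_ingress`, `is_redirect`, `use_reinsert`) are spelled out. The only place the abbreviation is expanded is the in-branch comments of the later hunk. Either name them along the lines of `expects_net_hdr` / `at_net_hdr`, or add a one-line comment at the declarations so the meaning is clear where the variables are introduced.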
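
Review bot: In the second hunk (@@ -261,19 +263,19 @@), the block comment that explained when a mac push/pull is needed is deleted and nothing replaces it above `expects_nh = want_ingress || !m_mac_header_xmit;`, so the rule the whole fix rests on is undocumented. A short comment there stating that ingress actions and targets without mac_header_xmit expect skb->data at the network header would carry over what the commit message explains. Separately, `at_nh` is computed from `skb` (`skb->data == skb_network_header(skb)`) while the adjustment is applied to `skb2` via skb_pull_rcsum()/skb_push_rcsum(); the visible lines do not show that the two have the same data offset at this point, so either test `skb2` or note why testing `skb` is equivalent. The `mac_len` ternary also reads more easily with the reason for the two sources stated (skb->mac_len at tc ingress, header pointer difference otherwise).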