Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2640106pxj; Mon, 31 May 2021 07:10:33 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPd5irEx5FKyBLgYbsaNce1d3Ae2uqFwoFrY2OBA5VUB5+yr1C3/G9Rree2LOUbTQUaBeV X-Received: by 2002:a92:c5b1:: with SMTP id r17mr16486277ilt.255.1622470232890; Mon, 31 May 2021 07:10:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622470232; cv=none; d=google.com; s=arc-20160816; b=CqYrXiK8944tPgVrI2W/bDDANElQ71syDpklYR/t+7iNWILpEDts+ydKvlzpIeSuiV BEr0S31315q4j7p00TmNjL3RME7KLcYABBBfzHS17kXHAEv4dkPsbrqaomr+2PEwnYsR ohNGVDQCt0VtP4kbbEP64jBf71d/SZGTRZ9jpDPVXtpl8/S3HRwNFZCS0deCwQLMahnS 3c5+YNbyO73zjuerEvdp5R7p6c5YP0tDAS4RkmLK5GsB9vHk1GWlZn6V7JobiFjIrq6D f4kuJXkpC4qh+HIU1+88jEoabHNzOqx6vadeV5qFTLqBl8h4xc/jNr2TOWHvDpZwRfAO qGfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=JhJm1igSoBjiIx200pMrmeN90tRqMxF01/A9iQ63A4k=; b=EBP4Rolpc9NEZTYNZbowafcyBOCWu+G8Nkhs8/Hy16XKLATPSh5kpOxEcOgLFPNelE 4QGwx748mNPXxBHbEmBZ/11S7ng1WejWN+SmzpwnTYCya/DTWhx3pRIqqcysora3lQz7 Yu/SyKNh0KKSs4ApVgVY45HAHt/LN3OKOAb8FVvsqcCzaT2E8AC7x9lPHioSEEFIifyi QMu1XuMDxBXpdgPiB9hBPOxHcaWWGJ/B8/NNwXHDkPB2XR4ce2cWuYs85i5KAP6+20FF bw5nwpKdxsNcusU0QJi3d+3piBSb9eraJsNU1f7+40jEQxEihJxe5QkemphKDL+jPO0j MPfQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qS7KYdqL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h5si12323736iol.44.2021.05.31.07.10.19; Mon, 31 May 2021 07:10:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qS7KYdqL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233291AbhEaOKv (ORCPT + 99 others); Mon, 31 May 2021 10:10:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:50918 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233046AbhEaNoc (ORCPT ); Mon, 31 May 2021 09:44:32 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id D328E61581; Mon, 31 May 2021 13:29:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1622467763; bh=LziqiJxWimC3gHL1WLXsLiuG+LG8itRP/PI0D2fhZbM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qS7KYdqL+yX88ZxFTgfGwDqg1s/OTMpu+BxTDYoStpXImwZiV/ExKl2UCzwTxnRIn EG8n7ein1sSSg8zQkkaY83YSPiXUrbawiWylOQM8N3DBeWO3Z0rILyUrYvwaWb6Oen LW5r+utbRa+9lL+y25xxCL4xW7NotW0NEukzoLIs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jussi Maki , Daniel Borkmann , Sasha Levin Subject: [PATCH 4.14 70/79] bpf: Set mac_len in bpf_skb_change_head Date: Mon, 31 May 2021 15:14:55 +0200 Message-Id: <20210531130638.237257360@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210531130636.002722319@linuxfoundation.org> References: <20210531130636.002722319@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jussi Maki [ Upstream commit 84316ca4e100d8cbfccd9f774e23817cb2059868 ] The skb_change_head() helper did not set "skb->mac_len", which is problematic when it's used in combination with skb_redirect_peer(). Without it, redirecting a packet from a L3 device such as wireguard to the veth peer device will cause skb->data to point to the middle of the IP header on entry to tcp_v4_rcv() since the L2 header is not pulled correctly due to mac_len=0. Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Jussi Maki Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20210519154743.2554771-2-joamaki@gmail.com Signed-off-by: Sasha Levin --- net/core/filter.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/filter.c b/net/core/filter.c index a33cf7b28e4d..40b378bed603 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -2438,6 +2438,7 @@ BPF_CALL_3(bpf_skb_change_head, struct sk_buff *, skb, u32, head_room, __skb_push(skb, head_room); memset(skb->data, 0, head_room); skb_reset_mac_header(skb); + skb_reset_mac_len(skb); } bpf_compute_data_end(skb); -- 2.30.2