Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2712354pxj; Mon, 31 May 2021 08:52:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyjg2NovjLcPwRuz4Fpklr4sBw2KAkQx1X6rUNdmYk9JNvWynOPxVOAV8Lr9jCYgLwbXr7o X-Received: by 2002:a17:907:7848:: with SMTP id lb8mr24154550ejc.494.1622476349283; Mon, 31 May 2021 08:52:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622476349; cv=none; d=google.com; s=arc-20160816; b=ACEEGIVugA2X6ucRQFaMcdvGRwDCILBCnlwIgVJQgja1jZ7AI6mrDwC42jS8RM14F/ V7/Lr1jWZJmcrnvsOmAx84cCAjXf6mGM+ZtWmeoInvaxe0wqBSuNo1p6s/M7T2TQ78PC bVEX2umxSC9JDcPdR5I+PGrAnGgQeHksmby+cQvEul92MCExz5JbUsABbI+BxbwyA6B9 5jzspdBCHOIHA02xSHbA/0RdUhTa9xcvR0E9FnkFHzAK2FGJqWb62IEHGtcHDyTQgmSr 79p10OGCJXH1y9L6TZYSIOQnFgaIP41kZka2fWuqkGjw8M3zk+MRQifxBWHS7qlK5ifV 1sbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=HTQMVx3RlEJ2lPXG3h0RLiunXNLWGtdwzwLWPCXFJro=; b=aa6x8B5uDjnQNJiDvZb6/CU33UUh7WObSoE0I5CmjXMQMp9V3qtp6UHWtkh/iautNq NXhs/56awmVnpGGzvozRniuhXDoa7YmleBtewwTkBA8XI9vL6LvjXf3UK70e8MZcAhr3 9kCk/BngUimxy9vKgnSkGZLfitiaj6b7ogUiwaFS8ILFXa5WPfjB0E8jXycQj0/99D22 FHjKJ5vdKRqwkQRoOQYXoNyLrs89EjGoqJZ8tuCGJBL6SL7IF51RL/o8EErUIj2UgTx0 KWOaeLM9dCvRkoHGXdiG9lz6ENXSch2DN3aYXKbg7JcPuVLkfawqMUW6ePsIBT8PXzUM RQWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fFLA3v5w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w14si13736132edd.111.2021.05.31.08.52.07; Mon, 31 May 2021 08:52:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=fFLA3v5w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231485AbhEaPwn (ORCPT + 99 others); Mon, 31 May 2021 11:52:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:54474 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233807AbhEaO3Y (ORCPT ); Mon, 31 May 2021 10:29:24 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id F12DC61C21; Mon, 31 May 2021 13:48:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1622468890; bh=1u35W/3FJW3aqzFqG70FQkWEI0vEjNAboO4K4dfb+Zg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fFLA3v5wDB/dQ/oSDT9lzB1J0I+F/gr+GknTS5JNKfeFAzyD7JDVahMy/ATSVnqEo cGAd4SVReFZKWU23z7NbXefYbjUDZoMiQMNP3UWWr5iCNIagELSRK+X5bQCzo/CHLN qXn1UALAp/49oNS4uvYuWvp0gFansVyYK+8vovNM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jussi Maki , Daniel Borkmann , Sasha Levin Subject: [PATCH 5.4 160/177] bpf: Set mac_len in bpf_skb_change_head Date: Mon, 31 May 2021 15:15:17 +0200 Message-Id: <20210531130653.448880687@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210531130647.887605866@linuxfoundation.org> References: <20210531130647.887605866@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jussi Maki [ Upstream commit 84316ca4e100d8cbfccd9f774e23817cb2059868 ] The skb_change_head() helper did not set "skb->mac_len", which is problematic when it's used in combination with skb_redirect_peer(). Without it, redirecting a packet from a L3 device such as wireguard to the veth peer device will cause skb->data to point to the middle of the IP header on entry to tcp_v4_rcv() since the L2 header is not pulled correctly due to mac_len=0. Fixes: 3a0af8fd61f9 ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Jussi Maki Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/20210519154743.2554771-2-joamaki@gmail.com Signed-off-by: Sasha Levin --- net/core/filter.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/core/filter.c b/net/core/filter.c index 7fbb274b7fe3..108bcf600052 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -3331,6 +3331,7 @@ static inline int __bpf_skb_change_head(struct sk_buff *skb, u32 head_room, __skb_push(skb, head_room); memset(skb->data, 0, head_room); skb_reset_mac_header(skb); + skb_reset_mac_len(skb); } return ret; -- 2.30.2